I mean, devil's advocate here, this tech already exists and the question is do we do client attestation in a browser or pretend remote attestation doesn't exist.

If this gets rejected, would that mean that services that need a "trusted client" simply deprecate their web apps and rely on a iOS/Android app?

I'm not trying to argue in favor of WEI, I just think this doesn't magically disappear if Google doesn't implement in Chrome, it just moves the problem elsewhere. The fight was implementing TPM in the first place.

The problem is, this is very open (or even designed) to be abused by their implementers. It's akin to having only Microsoft as the Secure Boot key authority.

Mobile devices already has tons of attestation features. Secure enclaves, security processors, cryptographic capabilities of SIM cards (e.g. I carry my private key inside my SIM card, and use it as a wet signature, legally).

We do not need this tech which can and will be abused to lock any tech savvy person from daily internet based on arbitrary rules. There are no checks and balances. This is a very broad set of capabilities which is forced upon users.

This is no proposal, or experiment. It's a force-push attempt.