They (like any other entity) can attest, but such attestation should hold as few of any special value as possible.
An unusual position, as historically governments have provided birth and death registries [0], passports, identity cards, etc, etc
[0]: or, earlier, in the West at least, the church
Email is still a protocol, and the thing that ATProto is doing causes as many problems as it purports to solve.
Mostly because "decentralized identity" is still "identity." And the safest way to do identity is to have it be destructable and remakable on the fly.
It might be the safest, but it defeats lot of the purpose of identity. There is a reason it is a hassle to change your email address... so many services are tied to that identity. You can change it, but you have to change every service that is relying on it as your identity, and you still have to own your old email so you can prove to the service that you are the same person.
I am not sure how you could ever avoid this problem? The purpose of an identity is to be able to tell that one request is made by the same person who made a previous request... persistence is a requirement.
Identity is always hard, and I strongly doubt there is any great way that makes it "easier" and still safe.
Aka, yes please kill passkeys, or at least be super upfront and informative.
"When you use passkeys, you are giving your keys to Apple or Google, and they cannot guarantee safety."
> "When you use passkeys, you are giving your keys to Apple or Google, and they cannot guarantee safety."
Not true with hardware passkeys, which also add a true second factor. Central passkeys are a problem, though.
To go on a tangent - I think that more people having personal public key pairs (via crypto) than ever is actually a positive direction. Atprotocol is another big player in identity at the moment, just as long as "can't be evil" mechanisms are kept alive and have good UX.
Which for reputable TLDs is permanent, outside illegal activities.