Closed
Description
I was wondering if anything had changed since the PIE blog from August 2018 (Security Concerns Surrounding WebAuthn: Don't Implement ECDAA (Yet)), which also mentions nobody had implemented ECDAA yet so there was time to fix things.
Unless something's happening in FIDO-land that mere mortals like me are not privy to, FIDO ECDAA Algorithm from July 2018 predates the concerns raised in the blog post, so nothing seems addressed.
Unless I'm mistaken, "nobody implemented it" is still the case as well:
- I scanned the Chromium and Firefox sources and couldn't find support
- nothing in the MDS either
- the only public discussion seemed to have been Q: Regarding Security Concerns Surrounding WebAuthn: Don't Implement ECDAA (Yet) #1196 and nothing on the fido-dev mailing list
Given the recent removal of unimplemented extensions, should ECDAA also be removed?