
> I'm sure you can come up with a protocol where you can fan out access to the secret in a way that requires fanning back messages to you. But I don't see any clear way to do so that doesn't increase the communication burden on everyone.

The spec actually supports this; it's called caBLE.



Right, that flow seems somewhat straightforward and is roughly what I had in mind with my sentence. It doesn't really break you out of vendor involvement, though? You both still have to be fully in on the whole flow. Right?

Asked differently, how does this get a vendor out of the picture?


caBLE is not a specification for transferring secrets, but for mediating (temporary) access to them.

But the FIDO alliance is apparently working on that: https://fidoalliance.org/fido-alliance-publishes-new-specifi...


I actually thought it was more for mediating confirmation of access to them. You don't share the secret with the new party, but you and the vendor both do a flow with them to confirm that someone claiming to be an identity can support that claim.



