Right, but there is a severe risk that you give the means to block non-mainstream clients, be it browsers, operating systems or devices, correct?
Yes, it's nice to know you may want to allow user agents to browse the web without WEI and I'm sure you have best intentions, but we are already in a world where banks and even stuff like Zoom just look at the user agent string and say "Ah, I don't know this browser, please install Chrome or Edge!". Why shouldn't they just similarly halt in the future if the WEI API does not exist? I (and the browser vendor) can spoof a user agent, but you can't spoof attestation, i.e. cannot fix it if websites don't allow my browser based on the (missing) WEI API. So, how will you prevent this?
How can you make sure that users of e.g. Asahi Linux will be able to use the web in the future? Who will attestate their browser based on what? How will e.g. Gentoo users use the web with their build-from-source browser and OS? Will e.g. Netflix continue to work reliably on a user agent without WEI (but with Widevine) - and will the holdback population (if holdback is implemented at all - no offense intended, but you didn't sound too confident about this on the blink-dev mailing list, tbh) be large and significant enough for them to not just say "eh, can't verify, use the app please or wait a bit"?