The problem I have with webauthn is the fact that it depends on the HTTP application protocol. TLS works regardless of the application protocol used. If I'm using Thunderbird to read and send email over IMAP and SMTP respectively, there shouldn't be a requirement that I use HTTP for authentication.