
>This requires the attacker to steal your key. When that happens, by the time they can get the secret key I've already revoked it.

You're held in custody, detained, arrested, etc. while your keys are dumped and accounts are accessed. You don't have the opportunity to revoke it without risking prison time.

This situation can happen if you simply choose to fly or visit another country.



That’s a different situation outside of most people’s reasonable threat model. The police don’t need to clone your Yubikey if they can use it as much as they want, and if they decide to go NYPD on you nothing else you do is going to end in a different outcome unless your MFA check is an in-person confirmation in a location outside of their control.


Though in this scenario, your adversary doesn't need to resort to a technical attack to clone your key. They can compel you to comply, and keep you locked up until you do.


They can, but assuming the law is actually being followed, you can only be held for so long without charges, and can be compelled to provide so much testimony.

Being able to quickly clone keys gives any LEO an opportunity to access your digital life as part of a simple stop versus a full criminal case.


There's a whole world out there outside the US.

In the UK, s 49 of the Regulatory and Investigatory Powers Act 2000 provides for 2-5 years' imprisonment if you were to fail to do so, depending on the nature of the offence under investigation.

In Australia, s 3LA of the Crimes Act 1914 (Cth) imposes a similar obligation with a penalty of 5 or 10 years' imprisonment.

If you find yourself in this position in Russia or China, they would just make you disappear for as long as they saw fit.



