- From: Jeffrey Walton <noloader@gmail.com>
- Date: Thu, 19 Feb 2015 12:21:22 -0500
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: public-webapps WG <public-webapps@w3.org>
On Thu, Feb 19, 2015 at 12:15 PM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Thu, Feb 19, 2015 at 6:10 PM, Jeffrey Walton <noloader@gmail.com> wrote: >> On Mon, Feb 16, 2015 at 3:34 AM, Anne van Kesteren <annevk@annevk.nl> wrote: >>> What would you suggest instead? >> >> Sorry to dig up an old thread. >> >> Here's yet another failure that Public Key Pinning should have >> stopped, but the browser's rendition of HPKP could not stop because of >> the broken security model: >> http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/. > > That does not really answer my questions though. > Good point. Stop letting externalities control critical security parameters unmolested since an externality is not the origin nor the the user. HPKP has a reporting mode, but a broken pinset is a MUST NOT report. Broken pinsets should be reported to the user and the origin so the browser is no longer complicit in covering up for the attacker. Jeff
Received on Thursday, 19 February 2015 17:21:52 UTC