Re: The futile war between Native and Web

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Thu, 19 Feb 2015 19:44:38 +0100
To: noloader@gmail.com
Cc: Anne van Kesteren <annevk@annevk.nl>, public-webapps WG <public-webapps@w3.org>
Message-ID: <m6bcea9033dpjkls2d6lr1u5l0s0gertgp@hive.bjoern.hoehrmann.de>

* Jeffrey Walton wrote:
>Here's yet another failure that Public Key Pinning should have
>stopped, but the browser's rendition of HPKP could not stop because of
>the broken security model:
>http://arstechnica.com/security/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections/.

In this story the legitimate user with full administrative access to the
systems is Lenovo. I do not really see how actual user agents could have
"stopped" anything here. Timbled agents that act on behalf of someone
other than the user might have denied users their right to modify their
system as Lenovo did here, but that is clearly out of scope of browsers.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/ 
Received on Thursday, 19 February 2015 18:45:12 UTC
