W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: The futile war between Native and Web

From: Jeffrey Walton <noloader@gmail.com>
Date: Thu, 19 Feb 2015 14:43:27 -0500
Message-ID: <CAH8yC8mpoaS+Gvk40FGaYSN_5F9Wjspv4nU+WNcJR1quMBcb8g@mail.gmail.com>
To: Bjoern Hoehrmann <derhoermi@gmx.net>
Cc: public-webapps WG <public-webapps@w3.org>
On Thu, Feb 19, 2015 at 1:44 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote:
> * Jeffrey Walton wrote:
>>Here's yet another failure that Public Key Pinning should have
>>stopped, but the browser's rendition of HPKP could not stop because of
>>the broken security model:
> In this story the legitimate user with full administrative access to the
> systems is Lenovo. I do not really see how actual user agents could have
> "stopped" anything here. Timbled agents that act on behalf of someone
> other than the user might have denied users their right to modify their
> system as Lenovo did here, but that is clearly out of scope of browsers.
> --
Like I said, the security model is broken and browser based apps can
only handle low value data.

Received on Thursday, 19 February 2015 19:43:55 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:44 UTC