* Jeffrey Walton wrote:
>Here's yet another failure that Public Key Pinning should have
>stopped, but the browser's rendition of HPKP could not stop because of
>the broken security model:

In this story the legitimate user with full administrative access to the
systems is Lenovo. I do not really see how actual user agents could have
"stopped" anything here. Timbled agents that act on behalf of someone
other than the user might have denied users their right to modify their
system as Lenovo did here, but that is clearly out of scope of browsers.
Björn Höhrmann · mailto:bjo...@hoehrmann.de · http://bjoern.hoehrmann.de
D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de
 Available for hire in Berlin (early 2015)  · http://www.websitedev.de/ 

Reply via email to