On Thu, Feb 19, 2015 at 1:44 PM, Bjoern Hoehrmann <derhoe...@gmx.net> wrote:
> * Jeffrey Walton wrote:
>>Here's yet another failure that Public Key Pinning should have
>>stopped, but the browser's rendition of HPKP could not stop because of
>>the broken security model:
> In this story the legitimate user with full administrative access to the
> systems is Lenovo. I do not really see how actual user agents could have
> "stopped" anything here. Timbled agents that act on behalf of someone
> other than the user might have denied users their right to modify their
> system as Lenovo did here, but that is clearly out of scope of browsers.
> --
Like I said, the security model is broken and browser based apps can
only handle low value data.


Reply via email to