Why a computer's root CAs override SSL key pinning, by @fugueish https://noncombatant.org/2015/11/24/what-is-hpkp-for/ …
@SwiftOnSecurity @fugueish If the Chrom{e,ium} and Firefox trademarks mandated non-circumvention to use, they could sue Dells and Lenovos.
@SwiftOnSecurity @fugueish Of course parties willing to break/ignore law can still backdoor you. But they can prevent PC vendors doing it.
@RichFelker IMHO this is a very awkward way, only for shipped browsers, can be bypassed by technical means. PC vendors should be policed by MS.
@ch3root @RichFelker Microsoft could forbid making any modifications to the OS other than bundling the appropriate WHQL drivers.
@ch3root @RichFelker This keeps coming up again and again. Microsoft and Google (Android) are too lenient with hardware vendors.
@CopperheadSec @RichFelker I guess it's easier for MS than for Google. It's rumored to have very strict and elaborate contracts with OEMs.
@ch3root @RichFelker Google has a lot more control than it appears because they have strict licensing terms for Google Play.
@ch3root @RichFelker See their conformance requirement document: https://static.googleusercontent.com/media/source.android.com/en//compatibility/android-cdd.pdf …. There's also a testing suite for it (CTS).
@ch3root @RichFelker They tend to use SELinux neverallow rules to forbid the vendor stupidity on a case-by-case basis these days.
@ch3root @RichFelker For example, full disk encryption became a hard requirement with 6.0 for devices with > 50MiB/s AES throughput.
@RichFelker @SwiftOnSecurity @fugueish Do the machines actually come with Firefox or Chrome? Irrelevant if not