by saghm
388 days ago
> Considering how the submitted article is about a shitty implementation in a regular Windows program, you can be sure the implementation in UEFI is even shittier (may not check certs, may not even use HTTPS, etc.)

I don't think it's fair to conflate the security of a perpetually running daemon that allows arbitrary instructions from remote endpoints with a manual download that's only initiated in very specific circumstances. Yes, it would be bad not to check certs or use HTTPS, but I'm not sure I buy that this would be "too insecure to fix" compared to trying to allow something to remotely push updates that I never asked for. You don't have to accept that my threat model where I've decided that I'm willing to risk one manually-initiated request that might be somewhat unsafe every few months or so is worth it, but I don't see how you can argue that it's somehow _more_ dangerous than the version that runs continuously at all times and doesn't require any input from me.