Matt wrote: > > On Mon, 22 Oct 2001, David Combs wrote: > > > > The browser you are using does not meet Wells Fargo's stringent > > security standards. This means that you will not be able to bank > .... > > which is a load of crap.
I believe some builds have inadequate random number generators - I think only those that make use of an OS kernel random number generator may be safe in that respect. In addition, there has been no independent security audit on the code, and as the above indicates, simply including OpenSSL does not guarantee security - both Netscape and Microsoft have produced insecure encryption using strong encryption libraries in the past. There is also not very tight version control, so a security validation for one version doesn't guarantee the security of other versions. There is at least someone to sue and with a reputation to defend when you use a commercial product, even if they have been naive about encryption in the past. At the very best, I would say that anyone faking the user agent string in this context would have to bear all the financial consequences of a breach of security or any other failure that could possible be due to a breach of security, and, at worst, their actions might be considered fraudulent, because of the faked user agent string. IANAL, but I would advise consulting one before faking a user agent string to get round encryption authorisation rules. ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
