At 08:28 PM 2002-03-11 , you wrote: >On Mon, 11 Mar 2002, Matt Ackeret wrote: > >> An example I can think of is wellsfargo.com. They only support IE (and >> MAYBE Netscape).. But anyway, to use them with Lynx, I have to fake Mozilla. >> (I also have to manually refresh on the "looking up acct info" page) > >I believe that this is probably a case where they are intentionally >trying to exclude lynx, since they have no assurance of the way the >SSL was compiled. I suspect that their terms of service may specify >usage of certain browsers, but I don't really know.
<don asbestos/> You don't have to know how the SSL was compiled. If the code was not put together right, the encrypt and decrypt won't match and the SSL falls apart. You can't fake the algorithm. You have to do it, and do it right. This is banking; we are talking civil rights, not any fit domain for laissez faire. Bank terms of service requiring a specific browser ought to be illegal and may yet be shown to be so by existing law via court cases. Security is so mathematical that the algorithms are self-enforcing. Requiring a particular codebase is not reasonable by any stretch of the imagination for security reasons. Key length, maybe; specific implementation, no way. This is about to be demonstrated once again in the virtual plugfests of the Global Grid Forum Grid Computing Environments Web Services Testbed, where they will be playing crypto implementations from rather competitive groups and show that they all play together. http://www-unix.gridforum.org/mail_archive/gce-wg/threads.html#00088 Actually, with Lynx just search the chronological index for 'testbed.' Al > Doug >__ >Doug Kaufman >Internet: [EMAIL PROTECTED] > > >; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED] > ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
