[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev User Agent
|
From: |
David Woolley |
|
Subject: |
Re: lynx-dev User Agent |
|
Date: |
Tue, 10 Aug 1999 23:05:11 +0100 (BST) |
> To use both my bank and stock account sites, I have to change the user
> agent, otherwise they think that the (paraphrase) 'security isn't high
> enough'.
> Both officially only support Netscape and IE.
Assuming that you are using SSL Lynx, what they are saying here, effectively,
is that if the security is compromised and you lose money as a result,
they are not responsible. If the security compromise loses them money,
then they can sue you, as they took reasonable precautions, but you
negligently ignored them.
They are running a slight risk (very slight I think) that they could
lose more money than they could recover from you, so you could argue that
what you is doing is worse than putting yourself at risk. If they are
insured against the loss, misrepresenting the user agent might represent
an insurance fraud.
This is not arbitrary discrimination against Lynx, and you had better
be very confident in the security of the whole system, not just Lynx.
(At one time, Verisign would not issue certificates for SSLeay based web
servers, although Thawte would, and this was for this sort of reason.
They will now issue such certificates, but on the condition that they
can accept no responsbility for any resulting security breach. This
happened because Apache/SSL became a dominant force in the market; this
is rather unlikely to happen with Lynx.)
IANAL