W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > October to December 2002

Re: Assistive Technologies and HTTPS

From: David Woolley <david@djwhome.demon.co.uk>
Date: Fri, 25 Oct 2002 23:27:01 +0100 (BST)
Message-Id: <200210252227.g9PMR1s03417@djwhome.demon.co.uk>
To: w3c-wai-ig@w3.org

> I don't know about other products or technologies but my copy of 
> MacLynx doesn't support https.

Lynx for Unix and, possibly, for Win32, supports HTTPS.  The problem
historically was that it was patent encumbered, but the RSA patent 
expired about a year ago, and there are enough patent free private
key algorithms to make a royalty free implementation possible now (SSL,
itself, is patented by Netscape, but royalty free).

You need a very recent version of Lynx for it to authenticate the
web site, earlier versions would quite happily encrypt a session to
a man-in-the-middle attacker.

Assuming MacLynx is not completely different, I assume that it ought
to be possible to compile it with OpenSSL, but there is probably not a
lot of expertise in using OpenSSL on Macs.  Macs are relatively closed
systems as far as developers, particularly freeware ones, are concerned.

Minor browsers are always likely to lag in terms of the number of
certifying authorities they support (which might be an advantage, in
that the selection might prefer the more trustworthy ones).

I wonder how well the big two would handle a user with real security 
concerns, who needs to see exactly what certificate is being used.  (Most
users of HTTPS don't understand it enough to actually be able to use
it securely!  Anyone who cannot be relied on to know when they have gone
to the wrong site will get no benefit from the authentication aspects,
nor will anyone who unthinkingly cancels warning messages.)
Received on Friday, 25 October 2002 18:27:57 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 19 July 2011 18:14:07 GMT