Re: please respond to original poster:Fw: user-agent header

From: Nick Kew <nick@webthing.com>
Date: Tue, 18 Mar 2003 00:16:26 +0000 (GMT)
To: David Woolley <david@djwhome.demon.co.uk>
cc: w3c-wai-ig@w3.org
Message-ID: <Pine.LNX.4.21.0303180009150.1485-100000@jarl.webthing.com>

On Mon, 17 Mar 2003, David Woolley wrote:

> it recently.  However, there is another issue here in that forging
> a User Agent in order to access a banking system could be considered
> fraud,

Erm, the HTTP spec is very clear about NOT relying on user agent strings.
If you get round their so-called security by faking one, how is anyone
going to make a case that the fault is with anyone other than the idiots
who ignored the spec in the first place?

> noted that earlier versions of Lynx SSL don't authenticate the web site,
> making them vulnerable to man in the middle attacks.

ISTR the same is true of several browsers, including not least MSIE.

> Faking may also violate trademarks and/or copyrights and does result in
> Lynx being under-recorded as a source of web accesses.

Stats are a lost cause, when so many users of highly-capable minority
browsers like Opera and Konqueror take the line of least resistance.

> I am not a lawyer; this is not legal advice.

Ditto.


-- 
Nick Kew
Received on Monday, 17 March 2003 19:16:35 GMT