- From: David Woolley <david@djwhome.demon.co.uk>
- Date: Mon, 17 Mar 2003 21:49:50 +0000 (GMT)
- To: fairall@NS.SHELLWORLD.NET
- Cc: w3c-wai-ig@w3.org
> Could someone give me the user-agent header for Internet Explorer 6? Bank > of America claims that lynx doesn't support SSL encryption which I know is This is a common question on the Lynx list, although I haven't seen it recently. However, there is another issue here in that forging a User Agent in order to access a banking system could be considered fraud, and will almost certainly put the user at risk of bearing the full cost of any fraud by third parties. In particular, it needs to be noted that earlier versions of Lynx SSL don't authenticate the web site, making them vulnerable to man in the middle attacks. Faking may also violate trademarks and/or copyrights and does result in Lynx being under-recorded as as source of web accesses. Typically people do not fake the exact Internet Explorer string, but include additional information to indicate that they are using Lynx. In fact, this is what Internet Explorer does; it send its identity as Mozilla, and then, only as a comment, sends its true identity. Browser sniffing code no longer honours HTTP and uses the comment as part of the match! My guess is that, given the Internet Explorer precedent, you might avoid a fraud accusation in this case, but you are probably still have no defence if someone obtains your user ID and password and makes unauthorised transactions. By the way, was the claim made by a second line support person, as front line support people probably have little idea what Lynx is? I am not a lawyer; this is not legal advice.
Received on Monday, 17 March 2003 17:16:52 UTC