Re: secure sites and other user agents: from david poehlman on 2004-10-24 (w3c-wai-ig@w3.org from October to December 2004)

From: david poehlman <david.poehlman@handsontechnologeyes.com>
Date: Sun, 24 Oct 2004 08:45:20 -0400
To: "Charles McCathieNevile" <charles@sidar.org>
Cc: "wai-ig list" <w3c-wai-ig@w3.org>
Message-ID: <000901c4b9c7$5482b860$6401a8c0@DAVIDPC>

Chaals and all,

It was not any particular user agent type that I was aiming at though this 
is interesting and well put.  The problem I have with them is that they only 
list two of the many user agents out there that are up to the task.  The us 
business community needs to get a lot smarter where security is concerned 
and instead of using zero tollerance for anything but what they consider the 
big two regardless of the 80 20 rule which by the way is only a snapshot of 
what can be gathered since users with other than the big two are turned away 
and thus do not appear in the logs and some agents mask themselves so that 
they can get buy security, a solution needs to be found that benefits them 
and a wider audience or to put it another way, this denial of service 
prejudicially based on what they think you have or don't have needs to come 
to a screeching halt 20 years ago.

I asked in my response to them if they are going to update their acceptance 
list when "other user agents meet their standards for security".  If I get 
an answer, I'll pass it on.

Johnnie Apple Seed

----- Original Message ----- 
From: "Charles McCathieNevile" <charles@sidar.org>
To: "david poehlman" <david.poehlman@handsontechnologeyes.com>
Cc: "wai-ig list" <w3c-wai-ig@w3.org>
Sent: Sunday, October 24, 2004 7:19 AM
Subject: Re: secure sites and other user agents:


Well, I presume you pointed out why you don't personally find graphic
interfaces particularly useful.

Open source SSL libraries mean that SSL-capable versions of lynx, w3m, etc
have long been available - even before the US lifted its ban on exporting
implementations of the algorithm to places it didn't like much. (I used it
in Vietnam in the mid 90's, and I think that was on the list of places
that weren't supposed to be able to have this "advanced weapons
technology").

It might be worthwhile, when you are explaining why you don't find
graphical interfaces particularly helpful, explaining the reasons why
things like WCAG and UAAG suggest having some mechanism for extending the
timeout possibilities...

cheers

Chaals

-- 
Charles McCathieNevile           charles@sidar.org
                 http://www.sidar.org

<quote who="david poehlman">
>
> I recieved the below when I raised the issue of using more than just the
> latest versions of ie and netscape on a site that requires high security.
> This message also contains an answer to a problem I mentioned that the
> session timed out and when I clicked to resume my activity, my edit fields
> were depopulated.  I will write them but wanted you all to see this.
> ---message ---
> Please note that only the most recent versions of
> Internet Explorer and Netscape are compatible with our
> updated services. You may wish to contact the producer
> of your preferred browser to inquire as to when their
> software will be upgraded to be compatible with modern
> secured Internet access and advanced graphical user
> interfaces.
>
> You may prevent the loss of a message due to session
> expiration by drafting the message in another program
> prior to inserting it into your browser.
>
>

Received on Monday, 25 October 2004 09:02:18 UTC