Re: LYNX-DEV more about wells fargo, schwab

[Brian Tillman]

Scott writes:

>I assume that Netscape will take the latest approved version of
>the publicly availble code, add SSL and other removed items, and
>build the Netscape Binary from it. That binary will be as secure
>as it is now and likely be backed by the same assurances from
>Netscape. What you build from your copy of their code is something
>else entirely.

This certainly doesn't address the other point I made.  It also doesn't
address how the server side is going to _know_ that the Navigator that is
connecting to it is one of the publicly-derived ones or a Netscape-built
ones, or, in fact, that it's Navigator at all, since someone with the
source will be able to mimic any agent s/he wishes.  You seem to miss the
point that once Navigator source is available, it can no longer be trusted
any further than Lynx, since there would no longer be any way to tell who
created it, on what platform it's running or how (un)secure the end-to-end
path is.  In fact, as I already pointed out, you'd be fooling yourself to
contend that you can determine that now, considering the system with the
keyboard and the system where the Navigator client runs aren't necessarily
the same system.  The argument that Wells Fargo has some assurance that the
end-to-end path is secure is pure baloney.

 Brian Tillman                   Internet: tillman_brian at si.com
 Smiths Industries, Inc.                   tillman at swdev.si.com
 4141 Eastern Ave., MS239        Addresses modified to prevent
 Grand Rapids, MI 49518-8727     SPAM.  Replace "at" with "@"
        This opinion doesn't represent that of my company