lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV more about wells fargo, schwab


From: Mark H. Wood
Subject: Re: LYNX-DEV more about wells fargo, schwab
Date: Fri, 13 Mar 1998 08:38:45 -0500 (EST)

On Thu, 12 Mar 1998, Scott McGee wrote:

> "Brian Tillman" <address@hidden> asks:
> >
> >  Moreover, Netscape has made Navigator's source availalble 
> >for all (http://www.mozilla.org/).  How, pray tell, does Wells
> >Fargo have any assurance Navigator is any safer than Lynx?
> 
> First, last I looked, the code was not yet availible. Second, 
> according to the docs I read (at www.mozilla.org), the SSL will
> not be included in the released code, so you can't build an SSL
> capable Netscape from just thier code.

One can't build an SSL-capably Lynx from "just their code" either.

> I assume that Netscape will take the latest approved version of
> the publicly availble code, add SSL and other removed items, and
> build the Netscape Binary from it. That binary will be as secure
> as it is now and likely be backed by the same assurances from
> Netscape. What you build from your copy of their code is something
> else entirely.

How does the server know whether you are using precompiled Netscape 
binaries, or something you built which *says* it is precompiled Netscape 
binaries?  I can see it now:  a workstation containing Netscape for my 
bank, another Netscape for my stockbroker, etc. etc. ad nauseam, each 
individually tailored for my account and digitally signed by the firm so 
that copying protocol exchanges won't work.  This way madness lies.

This is one of the areas in which the best solutions are not 
technological but legal/contractual.  The fact of the matter is that you 
cannot control the entire transaction path from brain to brain -- there 
are too many options, and good reasons for having them.  Better to 
explain the concerns to your customers, and carefully lay out what 
liabilities you will accept under carefully specified conditions, than to 
try to keep customers fat, dumb, and happy with plausible measures that 
don't actually work.  (How one gets a court to agree with such limits on 
liability is way beyond the scope of my expertise, I'll admit.)

All of this has very little to do with Lynx, so I guess I'd better shut 
up now.

-- 
Mark H. Wood, Lead System Programmer   address@hidden
One more time:  a (level-2) switch is a bridge.  A "level-3 switch" is
a router.  Deal with it.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]