From: Eugene Leitl (Eugene.Leitl@lrz.uni-muenchen.de)
Date: Thu Feb 21 2002 - 23:48:44 MST
Let's face it, HTML in email is unnecessary, a security risk, and simply
impolite. At some point in the near future people who contact me with
HTML-only email will get back a polite canned reply on why HTML in email
is bad, and how to configure their MUAs to switch it off.
I'm surprised we have at all to discuss this. I thought the debates were
all over many years ago. What next, MS Word .doc attachments?
On 21 Feb 2002, Perry E. Metzger wrote:
>
> Jeff Fabijanic <jeff@research.panasonic.com> writes:
> > Fwiw, I can think of a bunch of html-aware browser/email clients where this
> > trick doesn't work if you don't want it to. Pick up a recent version of
> > Eudora, Mozilla, Opera (and iCab, Omniview, etc) - all allow you to avoid
> > the little 0k GIF trick.
>
> And there are similar tricks they don't avoid, including accessing
> style sheets, accessing components that aren't "ignored", javascript
> tricks, etc.
>
> > Html-aware <> unalterably insecure.
>
> Generally, it actually does in practice, at least if you're going to
> have the html readable, because people expect to use downloadable
> design elements, at which point you can't avoid leaking that you're
> looking at the mail.
>
> Furthermore, it is a pain in the neck to read HTML on a terminal
> connection.
>
> > Looks like you need some egg-sucking lessons.
>
> If you think so.
>
> .pm
>
-- Eugen* Leitl leitl
______________________________________________________________
ICBMTO: N48 04'14.8'' E11 36'41.2'' http://www.leitl.org
57F9CFD3: ED90 0433 EB74 E4A9 537F CFF5 86E7 629B 57F9 CFD3
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 13:37:40 MST