On Fri, Oct 04, 2019 at 12:24:14PM +0100, Brian wrote: > On Fri 04 Oct 2019 at 12:53:39 +0200, to...@tuxteam.de wrote: > > On Fri, Oct 04, 2019 at 11:28:24AM +0100, Brian wrote:
[...] > > > That's *after* the mail is opened. > > > > That even complicates the challenge to define the meaning of "opening" > > a mail [...] Even unwrapping the MIME seems to > > have unintended consequences, as we witnessed not long ago... > I don't think I am the one to meet this challenge, Nor am I. I just wanted to stress that those definitions vary wildly with user's expectations: for some, displaying a HTML mail, with all that entails is fundamental -- others rather prefer to see the HTML source code and decide then what to do about it. > but I can see what > you are getting at (although I am not familiar with the "unintended > consequences"). Still, a concrete example would help. Well -- that thing I implicitly mentioned was EFAIL [1], which could leak a PGP encrypted content by crafting a broken MIME/HTML container around it. You could argue that the MIME parser is broken, but software tends to be broken in various and creative ways always. [...] > > Let's agree that the system's integrity is a (nearly) necessary > > condition to the user's data integrity -- but by far not a sufficient > > condition. > > Let's do that. I'll not even argue with "nearly". :) So we're in strong agreement here :) Cheers [1] https://en.wikipedia.org/wiki/EFAIL -- t
signature.asc
Description: Digital signature
