libera/#maemo/ Monday, 2019-05-06

DocScrutinizer05I'm pretty late on this one... nevertheless: using CSS and/or HTML in email may cause massive risk to compromise crypto privacy/signature https://arxiv.org/ftp/arxiv/papers/1904/1904.07550.pdf  https://github.com/RUB-NDS/Johnny-You-Are-Fired08:43
MaxdamantusBy "using", you mean "having it enabled in the client", right?08:52
MaxdamantusDon't think there's much you can do to influence that security as a sender of email.08:53
Maxdamantusother than not using HTML so that it's more convenient for recipients to disable it altogether.08:54
KotCzarnyhtml/js emails are evil incarnate08:55
KotCzarnyanyone sending/enabling them is asking for troubles08:55
OksanaJS, sure. But what about hyperlinks? Are they evil?08:55
KotCzarnyi would say it's up for the client/viewer to parse the links08:56
KotCzarnysince they are easy to match http.+://[^ ] etc08:56
KotCzarnyeven text terminal/irc can detect and activate links for clicking in raw text08:57
KotCzarnyso it wouldnt even be an issue for people using them and some text client (pine and friends)08:57
Oksana:grimace: I would rather have them sent out as some kind of mark up, not HTML, but something like <https://en.wikipedia.org/>, because auto-detection of links plainly misfires. Especially where people insert a dot after a link, and it gets appended to URL. Or a space inside the URL makes the auto-detect break up in the wrong place09:16

Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!