ietf-asrg

Re: [Asrg] Introduction and another idea

2003-06-19 11:43:33
From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>

...
HTML email is also used by many companies for legitimate purposes.

That is true only in absolute numbers, because the Internet is so
large that even tiny minorities can involve big numbers.  The
overwhelmingly vast majority of the use of HTML is at best a waste
of bandwidth and CPU cycles.  There is far more use of HTML mail
to violate privacy with such as "web bugs" than legitimate use.

We will know that Microsoft really cares about spam not when
they file more lawsuits, but when they change the default configuration
of Internet Explorer to avoid generating HTML mail, when they change
Internet Explorer to not just assume that plaintext mail that
contains strings that look like HTML is HTML, and when they make
it easy for Hotmail and MSN users to reject HTML mail.

HTML will always be a fertile ground for privacy violations and other
nastiness.  If not for HTML mail, users would be less conditioned to
accept worms and viruses and would instead be naturally suspicious of
"active content."

I'm sure there are legitimate uses of HTML mail, but I cannot remember
ever receiving one.  I bet that you have never received HTML mail that
would not have been better in plaintext, perhaps with a URL pointing
to a web page.  (Note that modern browsers present URLs in plaintext
as "clickable links.")


...
Another concern with this scheme is the fact that email will go back to the 
dark ages with no support for attachments and no HTML support. This may 
increase people's use for email which is already under attack by spammers. 
Is the medicine as bitter as the problem?

There is a difference between having no support for fancy features and
using those fancy features everywhere and where they are a positive
hazard to computer security and personal privacy.


Also, blocking base64 encoding would block email schemes where digital 
signatures are used.

That is entirely mistaken.  You might want to ensure that sender and
recipient agree on whether to sign the encoded or plaintext versions
of the message, but that's all.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg