From: Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>
Also, blocking base64 encoding would block email schemes where digital
signatures are used.
That is entirely mistaken. You might want to ensure that sender and
recipient agree on whether to sign the encoded or plaintext versions
of the message, but that's all.
In the scheme proposed by Art Pollard, a copy of the public key would be
included with the signed message. Common format for public key certificates
use base 64 encoded, outright ban of all base-64 email would be a problem
for this.
Oh, I hadn't thought of that. However, you could encode a signature
with either quoted-printable or a binary MIME Content-Type. Yes, of
course, neither would be as appropriate as Base64.
The point I was trying to make is that outright ban on ALL
base-64 email is not a simple as it sounds. There are legit applications
that use it and such banning approach would have to take them into account.
That's certainly true.
As far as I can tell, all calls for bans on Base64 and Quoted-Printable
are based on naive visions on how the system works or simplistic spam
filters. Base64 and Quoted-Printable are as relevant to spam or
security problems as whether your network uses 4B5B or NRZI. Base64,
Quoted-Printable, 4B5B, and NRZI can all be decoded with simple, single
pass state machines with only a few bits of state.
I must admit that some of my irritation with HTML is because it cannot
be decode into what the user will see with Internet Explorer or Netscape
as readily. As far as I can tell, you must generate an HTML parse tree.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg