On 2012-12-17, at 4:16 PM, Ralph Corderoy wrote:
I agree with Lyndon. Unless we find a major MUA has taken to spewing
this errant guff, making it a de facto standard, bailing out with
reference to the RFC seems fine. It may persuade the recipient to play
detective on the source.
There is an even better reason: security. Since a multipart wrapped in QP (or
base64) is undefined, there is no correct way to deal with it, and therefore
nobody will deal with it "correctly" – if that was even possible. This means
broken parsers generating stack overflows, ripe for exploitation by viruses. I
would *really* like to see the raw source for a couple of these messages, as
I'm starting to wonder if these aren't actual virus payloads.
There are reasons we have standards, and this is one of the many cases where it
is important to adhere to them.
--lyndon
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers