Re: HTML for email

tom petch <daedulus@btconnect.com> Tue, 02 March 2021 16:31 UTC

Return-Path: <daedulus@btconnect.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BC0C3A169A for <ietf@ietfa.amsl.com>; Tue, 2 Mar 2021 08:31:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, MSGID_FROM_MTA_HEADER=0.001, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aTCKwy3U-HNZ for <ietf@ietfa.amsl.com>; Tue, 2 Mar 2021 08:31:12 -0800 (PST)
Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60137.outbound.protection.outlook.com [40.107.6.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A79E73A1540 for <ietf@ietf.org>; Tue, 2 Mar 2021 08:31:11 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YPU+xRi3P1YAiR6es0G93M1VG1BlQx8zezNFX4EqzABD1ROogvVXVIgCcL1aS0J6kYhkadqXg2U06bRfv5PKtxMOKnt1KT/4eyIi0VhAszTbwiCugorScSnbwTlZuy7hD1Y/7htJXVlE5zSu7I1eFPiZnhCwtgQRLveOVpzw+ggzYbD7WQsCIVe9xfo4RbuwJmOSwRDfmKzxeM79JaiVy6vyUaZNnpjZw2hKE1NTRZsn2rKHsdaoZpdoE07UCgC2HKTwEJpqtmQ9C73ImoH+7tpUTe8yv0rWiTy67hFhkjsxToFLMjv5gvvh8ho9cFfGgndX9MKgyBsKXuGxHaq3Xg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iEWO2aRNWIQ5SeGCdv43CXX5YC7TvxwWjNcX45XIUhs=; b=Z4xeOUqdh+XXone1TUfnDzVYYSnW+Lngz0Qxyz1h/cCd1ISlF7sHLBTKqyrjbsRgWdhDE0zIuEl8s2w6AI+ifnPHcwZUIOHvqV8HuhPEFhYHBlaSRc3bb3MTzI/aTW0E1gH5O9nMEwE1ZeNL1P6ItKOLXjA3jgTDiarr3TbbFN0lNH54xGoazikU2wU04M58xMi0ZR6f/9vcj+S1+urhObMlnEUaAc8MvFY3sR8l8OQhBegg6DNbaXa6SIR81KSQcqFfGacVdRXP0+sNSz4XZDMHYVw+Gr0S4plrSa5Hlp9fvm+qsOAB3g364xERQeMqFAHloTRuueLBzpiujN11hg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=iEWO2aRNWIQ5SeGCdv43CXX5YC7TvxwWjNcX45XIUhs=; b=QlHxSd96nXjIHAFAtZK6YUgz15UzfcZ7BsjGL09L6EVJm/Q+3EocHeaJ6eFH9WA11SzIhFUxYfJZr1nEzOphn3jFiS67lqK4bGVXKkBLGuhsDzx2Z9DxsYcniX6PMK3UbfAuXtr4Fo+mslsYlaUzyxiEhTwLNS61QGLmZGdF2Wg=
Authentication-Results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8) by VI1PR0701MB2719.eurprd07.prod.outlook.com (2603:10a6:801:7::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3912.9; Tue, 2 Mar 2021 16:31:09 +0000
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::58e4:6cf1:a739:545d]) by VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::58e4:6cf1:a739:545d%5]) with mapi id 15.20.3912.016; Tue, 2 Mar 2021 16:31:09 +0000
Subject: Re: HTML for email
To: Nick Hilliard <nick@foobar.org>, ned+ietf@mauve.mrochek.com
References: <20210227190200.06ED46F10439@ary.qy> <4064.1614454347@localhost> <s1f0vo$ejp$1@gal.iecc.com> <59240886-320d-fae3-6b98-7b83dacaf5e7@network-heretics.com> <CAMm+LwhWCsG68GOws-Zm9TDcEZ4trGBhq7Dm-_0Ci8Ri7kDK=Q@mail.gmail.com> <603D2360.1070406@btconnect.com> <20210301183401.GI21@kduck.mit.edu> <20210301232237.GI30153@localhost> <20210301233255.GM21@kduck.mit.edu> <603E08A1.1010406@btconnect.com> <01RW6LH8U8A4005PTU@mauve.mrochek.com> <d0da909a-7c55-5493-4c32-537a9cd2f968@foobar.org>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
From: tom petch <daedulus@btconnect.com>
Message-ID: <603E6847.8010608@btconnect.com>
Date: Tue, 2 Mar 2021 16:31:03 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <d0da909a-7c55-5493-4c32-537a9cd2f968@foobar.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [86.146.121.140]
X-ClientProxiedBy: LO4P123CA0434.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:1a9::7) To VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from [192.168.1.65] (86.146.121.140) by LO4P123CA0434.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:1a9::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.3890.25 via Frontend Transport; Tue, 2 Mar 2021 16:31:08 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 08d3cf1a-b489-4e6a-24fe-08d8dd9895b8
X-MS-TrafficTypeDiagnostic: VI1PR0701MB2719:
X-Microsoft-Antispam-PRVS: <VI1PR0701MB2719CAF2BB262C498F3DA671C6999@VI1PR0701MB2719.eurprd07.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8882;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: w66j0ikBuBXw4Bhw83lWja1YJ/UwLkQgSOs1G6BGKLoZQBtA5rnMKbPickFsYx3JXrfIhjpaLndj5+G4b2ds/K40AbsH0dM2yTCfNVNKZun4gJXf1K8HsxEuFue2hzh9ZoQeOH/zC7jFN6PwJgVCb0K9X00zXpcifQb5TWDITJTODZeJ2GYG1bOOstJopnW7y6TxC/Vh7H3oHKazbhBLJMwqjMnYnk8Ahth+gb0x8UTCYccZvVqogTiabhLadDbBz7+rUHNxY+T9tzVaCZwhmwTMtTUX8pTXoHvJMCkB1ElGq4O6x9rPcgQAsevZpVBf2IGcf+HU/HUUofz2lzFD0BM3SpMfJSQ7zDif0tb5AhmGzK3YRZnePxOTRFHJ+3UxIinnVHBJLSVHNsr4pQmnFraROCCb7ZIxFZvu7ZxpEhl3rdOCNCK1j4f0u3ZdE62ykS6SqF6z9Ch1/T9NFCSuHywcG/6vtIHQojDXo8loQpQ80l0Fu7R7iYNkcRmQ7w+W5eVnDEM32zRejpQ91XQwwQ==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB6704.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(366004)(136003)(39850400004)(346002)(396003)(316002)(36756003)(956004)(5660300002)(66476007)(478600001)(83380400001)(66946007)(4326008)(186003)(2616005)(26005)(6486002)(2906002)(3480700007)(66556008)(16576012)(7116003)(8936002)(6666004)(8676002)(86362001)(52116002)(87266011)(16526019)(33656002)(53546011); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData: =?utf-8?B?Sko1dC9mUlZxdzJLTkN4YWlGUmlMRXN5N24xd3NLVlg4eEFXd1ZxSnBHNHZC?= =?utf-8?B?RmNRTUovS1ZlSng2YUJKMGRWaktwUitBZ0pnTGg4bjNubk1rK053SEdldWI1?= =?utf-8?B?NlVLMHBrUGVjcmxUK0FtMGZjL01UMjZNV1gvTTRvZmkxL05yOUp0aUlIeGRm?= =?utf-8?B?TjYzaWxIbitqQmhYWmhOaExYVm1yM0l1ZXRiRDVkTjBpeEhkdGFvNEl4LzNZ?= =?utf-8?B?bm93ZXZsZm5zZ2g3RWNMbmlIUDVJLzVJRDg4NjZuVldEdzBXZmd6RGljdkRp?= =?utf-8?B?RjVwOHBORyt4ODQ2aXhxRDNaMU1BbWVlR2g4azAwQlVHQmtsMEVBcWtxK1J2?= =?utf-8?B?enlCMExqUE1GZll4dXlWUGdId21IdVNSNSs4VEozMTJ0a1VicE1Bd0hxbzlk?= =?utf-8?B?dkNaUkhNYk5EYXZyWlJVbC95elB4ZXNrYUdVckJNR1QwMTNvNG5LLzc4MkVX?= =?utf-8?B?akk0aExEVVJza1NZalZSU0VXVDcrYk5PZjB6U3kzVFc5RUcwMUhkKzBMRHZz?= =?utf-8?B?ZDhhdnVtZHoxL1lUZTZyUXFPcWM1MTl6NFc1eVdmelVvSDlUbGQ2TUxCUGwy?= =?utf-8?B?RVZBdGkvRWNic1JiRFYvd2dlWUowejd4dXpjVkFBeFg5WWgyT1NoVWRaeDRR?= =?utf-8?B?U3A3ZE1IVUFpMVNuY2kzczdIZXdMUlVmWisyZ283Um5RS2x2SXhiWTU4Mmxi?= =?utf-8?B?TCtoVEhRN3dJK2d5Sm1hVEd5NDRoNTZ4RXFkMWE1L2VsanY3MnEyR21rTU95?= =?utf-8?B?ZmQyeEJaU2VaZDRnRmY0QmEvckJFYVFJU1A5VEtMRDBvMHR6NWh2cVkxSENF?= =?utf-8?B?RDh4aDFDS2FYWGNrc1d2b25NWkFqb1JtMFRmVzR4TG12Q3hwVVJDL0xvL1BS?= =?utf-8?B?VU1XWkRhblNldXg0bkVnZm9IT2tHSmhWRUJYUytjUUxGK3UrbzhOR1BPRHpk?= =?utf-8?B?ZXRLMVZuNWFxdGFSVEEvNnlXdnd1S2l2d3JsNURJTk0rSUczOFcvbnV2bjln?= =?utf-8?B?WklyS2NSNVljaWxaMFBBZVVrVitSY1U2TkNDMlIzNDFzeGJXem5yVSsxSlpE?= =?utf-8?B?d2hITjJXdGVPVjB2K2ZFY25hSHE5Q1hTZjlDbHBXcjlIR1haZmk4QWU3NkZK?= =?utf-8?B?Y2tId1NONUZwQWNNMUkxR2dHOE5QOFNWNXZoekdUUElnTnpoSUN6RFJ1WEJp?= =?utf-8?B?OHpZUmZ5SldCcS9WejgrTVRvOHIzYlpBZTRGamRZTU5SbS9WS29jdXhac0oz?= =?utf-8?B?Y2kwR1VqQkNZbUZKbzhFTjBDRU85QTBjbFRnUU1wNG5CZ2Q5NUFOcU5yS3Fr?= =?utf-8?B?dlpCeDVsYW0yNW8rc3Q1MzZSdUtreWY4Und2ZitVY1hvN0xOUk82QVlrL3FM?= =?utf-8?B?YXJyemxSaHAvaDd3K2tXTkFSakxFVFdWSnFQbVNKdklTbnNvK0l2OGdqZUVM?= =?utf-8?B?RXpLMHoxejFuOTFtbE9RSEZQdjB6UVJmakFLQ05TODBxUERyWWRkajlhUXZv?= =?utf-8?B?aTRyVnBoQXBZVHhOcFdvNDlaQkZ0ZUs0N2pORVJJOGZIWEJleGV0QitFMmd6?= =?utf-8?B?MDIvTHlBWWY4Nng2a3Zpd1dPNjJJL3NWVEpzT0dVeWRJcDk0U29kQTNGUlBm?= =?utf-8?B?L05ncTdxWm9qQjZBV2UyVzA5c1VqYlpKNHBkbC9sbUVRK2JhcmJndnhPQUEy?= =?utf-8?B?RUNDbGxia2xUVG9ORWVLWVlzbU1tSEs5aWVrL3VXOENuMzcxK0FWNWlINEVT?= =?utf-8?Q?pexGDDYLYrgXkWVkm38QIue9FMje++FAOJ4l+yN?=
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 08d3cf1a-b489-4e6a-24fe-08d8dd9895b8
X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB6704.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2021 16:31:09.1626 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 4gxtp00dU6hoS0O8IMcQ0Tylp0pWXXyS5ibl+JL6S4bToCIcgj4uQd59r4mQzJVO7otkr1lUmmDgdh+bKDspew==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB2719
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/Qznn3yOt9DHnKMMyXExfYCcinhU>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Mar 2021 16:31:14 -0000

On 02/03/2021 15:55, Nick Hilliard wrote:
> ned+ietf@mauve.mrochek.com wrote on 02/03/2021 14:08:
>> And like it or not, outside the IETF the HTML horse left the barn a
>> long time back.
>
> Bear in mind that even within the IETF, plenty of people view the entire
> HTML email debate as flogging the proverbial dead horse, and when it
> rolls around every several months, welcomes it in the same way that you
> might welcome an outbreak of cold sores.
>
>> We can chose to deal with or ignore it, but getting
>> it back in the barn is not an option.
> Looking at this from a different perspective, in the twenty-something
> years of discussion since Content-Type: text/html first appeared, have
> any actionable and viable suggestions emerged about how to deal with
> html email, other than stripping it off in the archived emails?

Strip it off before sending it out to list subscribers!  Perhaps an 
option on the subscription for those who want to risk the HTML.  I would 
leave the HTML in the archive as I have more control over when and how I 
access that.

The issue as I first said is privacy.  I think that the IETF, along with 
other parts of the industry have done a bad job of alerting users to the 
potential for evil actors with a variety of protocols.  There is a lot 
at the moment around me based on an older technology, phones, on the 
ability of evil actors to forge the number that appears on caller 
display to be that of a trusted organisation, government, financial 
institution and so on.  There is also the trick that the caller does not 
put the phone down so when you call back your trusted institution to 
verify the caller, you get the evil actor's mate.  And I read that the 
bill for this is racking up billions, typically via push-payment fraud.

Here, the idea that opening an e-mail, or letting it be implicitly 
opened for you by the system, enables someone to track when and where 
you are, via HTML, will, I think, come as a surprise to many and, given 
the attention that privacy has garnered in the IETF, that surprise will 
be unwelcome.  As I said, given all that attention, I remain at a loss 
that the IETF does nothing about it, allows it on IETF lists, does not 
publish text/html considered harmful.  I do not see a way that evil 
actors can exploit this for e.g. financial gain, but then, I do not have 
the mindset of an evil actor - doubtless they are working on it.

Tom Petch

> Maybe the people who are upset about html email could form a working
> group, take the discussion there and write up an ID with observations
> and recommendations for html emails at the ietf?


> Nick
> .
>