the evil of html was Re: pgp signing in van
t.p. <daedulus@btconnect.com> Tue, 10 September 2013 13:37 UTC
Message-ID: <006601ceae2a$a857aa20$4001a8c0@gateway.2wire.net>
From: "t.p." <daedulus@btconnect.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
Subject: the evil of html was Re: pgp signing in van
Date: Tue, 10 Sep 2013 14:35:30 +0100
Cc: ietf@ietf.org
----- Original Message -----
From: "Ted Lemon" <Ted.Lemon@nominum.com>
To: "t.p." <daedulus@btconnect.com>
Cc: "Richard Barnes" <rlb@ipv.sx>; "Peter Saint-Andre" <stpeter@stpeter.im>; <ietf@ietf.org>
Sent: Tuesday, September 10, 2013 2:03 PM

On Sep 10, 2013, at 4:41 AM, t.p. <daedulus@btconnect.com> wrote:
> for reasons of security, of course; html has far too many attack vectors
> to allow it to be processed in e-mail

If that's true, why is it safe for you to use HTML in a web browser? Is it because you feel that the HTTP trust model is safer? Are you trying to avoid attacks via spam? If the former, you are probably mistaken. If the latter, it seems to me that PGP-signed messages would help with this, and that you ought to switch to a non-broken MUA.

<tp>
Ted

A URI in a plain text e-mail means what it says; a URI in <a ... /> in html can display a perfectly innocent name while linking me to an evil website, a much used tactic. (If my MUA promised never to follow a link, then I would let it process html).

With a web browser, at least I am myself choosing to click on the link, I can easily view the underlying html if I am doubtful (possible, but not so easy with an MUA), I can see the address in the browser address bar and kill it if it goes where I do not want it to. It is the user interface of the MUA to the html that is inadequate; browsers do it better.

But increasingly, I find web sites becoming evil, perhaps when I am following a link from an e-mail posted to an IETF list to access background information and then find https links being set up from my browser to sites that I do not wish to have any truck with (e.g. twitter, facebook), presumably in order to take clandestinely details of me in order to build up a profile of me for some nefarious purpose. So increasingly, I do not trust html in web sites either.

Tom Petch
</tp>

Your assumption about HTML email is particularly worrisome because it is similar to an assumption people frequently make that NATs and firewalls keep them safe because unsolicited incoming connections are dropped. This is of course not true, because it's not that difficult to get you to make an outgoing connection to an address that leads to an attack against your browser. It's certainly easier to attack you by sending you spam, and prohibiting HTML in email does protect you from attacks via HTML flaws by spammers. But you pay a pretty heavy price for that protection, and it's one that most email users would not consider paying, so by doing this you are essentially deciding not to eat our dogfood. If we IETFers do this sort of thing habitually, we wind up living in a security context that most users do not live in, and wind up designing protocols that really don't address the needs of most users. This is Very Bad.
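The mismatch Tom Petch describes (an anchor whose visible text names one host while its href points to another) is mechanically detectable, which is what an MUA or a mail gateway would do instead of refusing HTML outright. The following is an added example, not code from the message or its author; the sample HTML and the hosts in it are constructed.

```python
# Added example (not from the message or its author): flag HTML e-mail
# anchors whose visible text names one host while the href points to another.
# SAMPLE_HTML and the hosts in it are constructed for this example.
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_HTML = """<p>Minutes: <a href="https://www.ietf.org/">https://www.ietf.org/</a></p>
<p>Background: <a href="https://evil.example/login">www.example.net/docs</a></p>
<p>Plain anchor: <a href="https://example.net/">the draft</a></p>"""

def host_of(text):
    """Lower-cased host if `text` is a URL or bare host/path, else None."""
    text = text.strip()
    if " " in text or "." not in text:
        return None                      # prose such as "the draft"
    if "://" not in text:
        text = "http://" + text          # bare "www.example.net/docs"
    host = urlsplit(text).hostname
    return host.lower() if host else None

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def find_deceptive_links(html):
    """Return (visible_text, href) pairs whose hosts disagree; non-host-like
    link text (plain words) is never flagged."""
    parser = AnchorCollector()
    parser.feed(html)
    return [(text, href) for href, text in parser.links
            if (shown := host_of(text)) and (real := host_of(href)) and shown != real]

if __name__ == "__main__":
    for text, href in find_deceptive_links(SAMPLE_HTML):
        print(f"shows {text!r} but links to {href}")
```

Only the second anchor is reported; the honest self-describing link and the link with plain-word text pass.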