Don't kill the messenger (was: Re: Reliance on Microsoft called risk to U.S. security)

Roy M. Silvernail roy at rant-central.com
Thu Oct 2 07:14:48 EDT 2003


On Wednesday 01 October 2003 22:02, bear wrote:

> No, it is not.  You can make a hyperdocument that is completely
> self-contained and therefore "text", but that is not how HTML is
> normally made.  HTML can cause your machine to do things other than
> display it, and to that extent it is "code", not text.

A small nit: HTML is, in fact, text.  The effects you describe are the result 
of a client taking certain actions based on the text/html MIME type.  That's 
the reason you use Pine (and I use Kmail).  These clients (and others... yay, 
elm!) don't take unbidden actions to render HTML mail or cause executable 
attachments to execute.

> You can't rely on "saving" an HTML document
> and being able to read it years or decades later, because with
> hypertext, maybe the part you're interested in (or need for evidence)
> isn't even on the page you saved.

True, but again, that's a property of HTML. That the HTML document was 
transmitted through mail is a side issue.

It's not that email has been overloaded, through the use of MIME, to carry 
content other than text/plain.  The problem is that certain MUAs have been 
built to take some default actions based on the MIME types received, and 
those clients have become (for whatever reason) popular among mail users of 
a, shall we say, non-technical bent.

> The fact that sending HTML (and other code) through SMTP was not
> considered a violation of SMTP has allowed a generation of mail
> readers to become common that encourage mail viruses, macroviruses,
> worms, and other malicious code.  If we are interested in security, we
> need some kind of protocol where we as a group just draw a line and
> say "nothing but text through this port."

SMTP is *already* such a protocol.  Base-64 encoding (and UUENCODE before it) 
was designed to address the 7-bit gateway through which email once passed.  
MIME only describes and encapsulates non-textual content.  (the first M 
originally stood for 'multimedia', not 'multipurpose') Some mail clients have 
evolved (or been designed *cough*outlook*cough*) to be infection vectors, but 
that's not the fault of the base transport protocol.  It's the result of poor 
security decisions in the client design process.

This is not to demonize MIME, either.  Some applications, like PGP signatures, 
are elegant uses. Much better than the X-PGP-Signature header I was helping 
develop 10 years ago.  There's nothing intrinsically wrong with extending 
mail to carry arbitrary content.  The problem appears when the MUA is able to 
take some risky action with that content, whether automatically or through 
unwise user action.  Grandma clicks on everything.

Mail as a vulnerability is a client issue and a training issue.

That said, I also despise HTML mail for all the reasons you describe.  But 
between the September That Never Ended and the release of Mosaic, it's really 
no surprise that eye candy has become an imperative.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
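
The client-side point made in this message, sketched as an added example (not part of the original post or of any mail client's code): the MIME type is only a label, and a conservative reader displays `text/plain` and treats every other part as inert data. The sample message, addresses and file name are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Constructed sample (not from the thread): plain text, HTML and an attachment.
SAMPLE = """\
From: sender@example.org
To: reader@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain; charset="us-ascii"

Plain body.
--inner
Content-Type: text/html; charset="us-ascii"

<html><body><img src="http://tracker.example/x.gif">Rich body.</body></html>
--inner--
--outer
Content-Type: application/octet-stream; name="update.exe"
Content-Disposition: attachment; filename="update.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--outer--
"""

def conservative_view(raw):
    """Return (text_to_display, inert_parts); nothing is rendered, fetched or run."""
    msg = message_from_string(raw, policy=default)
    shown, inert = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers only describe structure
        ctype = part.get_content_type()
        if ctype == "text/plain" and not part.is_attachment():
            shown.append(part.get_content())
        else:
            # The MIME label is reported as data; no handler is chosen from it.
            size = len(part.get_payload(decode=True) or b"")
            inert.append((ctype, part.get_filename(), size))
    return "".join(shown), inert
```

The HTML alternative and the attachment come back as `(type, filename, size)` tuples, so the remote image is never fetched and the attachment is never opened unless the user explicitly asks for it.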


