Don't kill the messenger (was: Re: Reliance on Microsoft called risk to U.S. security)
Roy M. Silvernail
roy at rant-central.com
Thu Oct 2 07:14:48 EDT 2003
On Wednesday 01 October 2003 22:02, bear wrote:
> No, it is not. You can make a hyperdocument that is completely
> self-contained and therefore "text", but that is not how HTML is
> normally made. HTML can cause your machine to do things other than
> display it, and to that extent it is "code", not text.
A small nit: HTML is, in fact, text. The effects you describe are the result
of a client taking certain actions based on the text/html MIME type. That's
the reason you use Pine (and I use Kmail). These clients (and others... yay,
elm!) don't take unbidden actions to render HTML mail or cause executable
attachments to execute.
> You can't rely on "saving" an HTML document
> and being able to read it years or decades later, because with
> hypertext, maybe the part you're interested in (or need for evidence)
> isn't even on the page you saved.
True, but again, that's a property of HTML. That the HTML document was
transmitted through mail is a side issue.
It's not that email has been overloaded, through the use of MIME, to carry
content other than text/plain. The problem is that certain MUAs have been
built to take some default actions based on the MIME types received, and
those clients have become (for whatever reason) popular among mail users of
a, shall we say, non-technical bent.
> The fact that sending HTML (and other code) through SMTP was not
> considered a violation of SMTP has allowed a generation of mail
> readers to become common that encourage mail viruses, macroviruses,
> worms, and other malicious code. If we are interested in security, we
> need some kind of protocol where we as a group just draw a line and
> say "nothing but text through this port."
SMTP is *already* such a protocol. Base-64 encoding (and UUENCODE before it)
was designed to address the 7-bit gateway through which email once passed.
MIME only describes and encapsulates non-textual content. (the first M
originally stood for 'multimedia', not 'multipurpose') Some mail clients have
evolved (or been designed *cough*outlook*cough*) to be infection vectors, but
that's not the fault of the base transport protocol. It's the result of poor
security decisions in the client design process.
This is not to demonize MIME, either. Some applications, like PGP signatures,
are elegant uses. Much better than the X-PGP-Signature header I was helping
develop 10 years ago. There's nothing intrinsically wrong with extending
mail to carry arbitrary content. The problem appears when the MUA is able to
take some risky action with that content, whether automatically or through
unwise user action. Grandma clicks on everything.
Mail as a vulnerability is a client issue and a training issue.
That said, I also despise HTML mail for all the reasons you describe. But
between the September That Never Ended and the release of Mosaic, it's really
no surprise that eye candy has become an imperative.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list