[ciphershed] Re: Signed HTML emails in the mailing list
- From: "Alain Forget" <aforget@xxxxxxx>
- To: <ciphershed@xxxxxxxxxxxxx>
- Date: Fri, 13 Jun 2014 19:33:28 -0400
Perhaps, but I haven't looked closely into what aspects of HTML e-mail clients
block or don't (particularly closed-source ones). Historically, I think they've
been behind browsers in terms of security and privacy.
In any case, plain text is much less likely to be harmful than HTML. Especially
given the nature of this project in particular, better safe than sorry, in my
opinion.
Alain
-----Original Message-----
From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx]
On Behalf Of Kyle Marek
Sent: Friday, June 13, 2014 19:25
To: ciphershed@xxxxxxxxxxxxx
Subject: [ciphershed] Re: Signed HTML emails in the mailing list
On 06/13/2014 06:49 PM, Alain Forget wrote:
I always deliberately read and write text-only e-mail as a security and
privacy precaution. I'm a bit surprised someone is suggesting that people in a
security-related mailing list do otherwise.
Don't all mail clients block anything that's dynamic in HTML? Mine doesn't even
show images by default in fear that an image is going to exploit a buffer
overflow, but i still have html (so i still have fonts, boldness, ect.)
________________________________
At the time of sending this message, I have not been contacted by any
government official or worker regarding my participation in CipherShed or any
related project. I have not been asked to supply any information to them that
may be used to impersonate me nor have I been asked to aid the government or
it's officials or workers in modifying part of CipherShed or any related
project. I am not aware of any of my property or anything regarding me being
bugged, searched, or compromised in any way. Anything that accepts PGP
encryption or signing should have been cryptographically secured with my PGP
key.
Other related posts:
