On Thu, 11 Jul 19, 15:52:56, John Crawley wrote:
> On 2019-07-11 15:25, Andrei POPESCU wrote:
> > On Thu, 11 Jul 19, 12:31:07, John Crawley wrote:
> > > ...user agents that could deal with html in some sane way, and without
> > > exposing the recipient to attacks. Simply not following any web links would
> > > be enough I'd have thought? Or are there some more subtle attack paths?
> >
> > Yes, look up the EFAIL vulnerability (I posted a link in another
> > message). It enabled a potential attacker to trick e-mail clients
> > parsing html e-mail to decrypt an (old) encrypted message.
> >
> > In most cases users only had to open the message.
> Since enforcing no-html, and particularly no-malevolent-html on all incoming
> mail is not an option available to us, the only remaining choices for a
> "good" MUA would then be:
> A) Display html as-is, tags and all
> B) Strip out the tags and display what's left, like html2text
>
> I think B) is the better option.

C) Treat *all* message parts as potentially harmful, not just some attachments. If additional parsing is needed (check signature, parse html, etc.) do so in a safe way.

Of course, this is not easy to do, especially if you insist on parsing all the bells and whistles in the html/css, which is probably why so many clients were vulnerable.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser
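
An added illustration of options B and C discussed in this message (it is not code from the thread or from any existing MUA): every leaf MIME part is handled on its own, HTML is reduced to visible text with a fresh parser per part, and URLs the markup refers to are recorded but never fetched. The names `TextOnly`, `render_safely` and `SAMPLE` are hypothetical, and the sample message is constructed.

```python
import email
from email import policy
from html.parser import HTMLParser

class TextOnly(HTMLParser):
    """Keep visible text; record (never fetch) URLs the markup points at."""
    SKIP = {"script", "style", "head"}
    URL_ATTRS = {"src", "href", "background", "action"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.refs, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1
        self.refs += [v for k, v in attrs if k in self.URL_ATTRS and v]

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.text.append(" ".join(data.split()))

def render_safely(raw_bytes):
    """Return (display_text, blocked_refs); each leaf part is handled alone."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    shown, blocked = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype == "text/plain":
            shown.append(part.get_content().strip())
        elif ctype == "text/html":
            parser = TextOnly()  # fresh parser per part, no shared state
            parser.feed(part.get_content())
            parser.close()
            shown.append(" ".join(parser.text))
            blocked += parser.refs
        else:
            shown.append(f"[{ctype} part not displayed]")
    return "\n".join(shown), blocked

# Constructed sample message (not taken from the thread).
SAMPLE = (b'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\n'
          b'Content-Type: text/html\n\n<head><style>p{}</style></head>'
          b'<p>Hello <b>list</b></p><img src="http://tracker.example.invalid/p.png">\n'
          b'--b1\nContent-Type: text/plain\n\nSecond part.\n--b1--\n')
```

Calling `render_safely(SAMPLE)` returns the text to display and the list of references that were not loaded, which a client could show to the user instead of fetching them.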