[Gllug] HTML-based Email (Was: A linux printer ?)

[Richard Jones]

On Tue, Oct 05, 2010 at 10:56:19AM +0100, Jan Henkins wrote:
> OK, fair enough. Still, this is such an age-old issue (I can remember 
> this being a major flash-point in the beginning 90's), that I would have 
> thought coping mechanisms have developed with the times. I am aware that 
> text-based email clients (like Pine/Alpine, and I'm almost certain more 
> hardcore tools like Mutt and Gnus) would help out in reformatting HTML 
> mail that slips through.

I don't think the security issue is going to go away, unless we stop
untalented programmers hacking out HTML renderers in crappy languages
like C++ (ie. not any time soon).  Once you crack open the HTML door,
you need to allow so much stuff in -- images, Javascript, the latest
flavour of dynamic HTML, videos, audio -- that you end up with a
mountain of code to make secure.

This is not to say that text based mailers are bulletproof, but the
attack surface is smaller, older and not expanding [HTML5 q.v.]

So it was a major flash point in the 1990s, and I predict it will
continue to be so for some time to come.

> * Being originally from a bandwidth-poor country, wasting bandwidth 
> still rankles. Sending text and HTML parts of a message does indeed 
> "waste bandwidth", so I still get a bit uptight about it, even if the 
> basic reason for me getting irritated about it (lack of bandwidth, and 
> what is available tends to be prohibitively expensive) doesn't really 
> exist anymore. At least not here in the UK.

The bandwidth isn't just the transmission of the HTML, it's displaying
it too.  I'm replying to your email over a very long ssh connection,
and that wouldn't be feasible if the original email had to be rendered
with graphics, video and sound.

Rich.

-- 
Richard Jones
Red Hat
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug