Email Clients and digital signatures

CL Gilbert
Sat Jul 5 18:44:03 2003

Hash: SHA1

Johan Wevers wrote:
| You, CL Gilbert, wrote:
|>What they are responsible for is making sure the scripts can do no harm.
|>~ In other words, that they run in a sandbox and have limited abilities.
| That would remove most of the thing scripts are legally used for (starting
| applications on an intranet).

I don't comprehend this.  A script is not allowed to run local programs.
~ And certainly NOT automatically.  Anything you start on your own is
your own fault.  The only scripting I am aware of that is allowed is
javascript or vbscript, and its just as limited as if it were on a web
page.  like i said, its in a sandbox.  the worse trick people have been
able to do is list your own files to you and act like they can see them
too when they can not.

|>~ Outlook is not supposed to automatically *run* arbitrary scripts.  When
|>it does, thats an error.
| But the tight coupling of file extensions and how to start a file in
| makes it very likely even the smallest programming error results in such
| things. The problem I'm now getting is that windows virusscanners now
| protest against ANY file with a double extension, like X.txt.pgp. :-(

still disagree.  that has nothing to do with outlook, and Linux even has
a fileroler or something that can start programs based on extensions.
Again, if you start the program yourself, all bets are off.  they do not
start automatically.  Thats why .bat,.exe,.pif are dangerous files and
should always be refused.  That why the tricksters are sending .pif
files in zip packages (on a daily basis to me).  Thats why they have
resorted to sending MS Office files with macros in them.  You still have
to run them.

- --
Thank you,

CL Gilbert
Free Java interface to
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard
Pretty Good Privacy (PGP), windows
users should try that.

Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla -