RFCs, standards, pink bunnies and flower patterns was -- Re: GPG Outlook Plug-In and Signatures

Nicholas Cole npcole at yahoo.co.uk
Tue Oct 17 18:42:54 CEST 2006

> Nicholas Cole wrote:
> > Is there anything else about an HTML email that raises a red flag
> > from a security point of view?
> Define 'HTML email', please.  If you're talking about simple XML, the
> security concerns are different than if you're talking about putting
> Javascript + Flash + ActiveX + EveryOtherPossibleThing in your emails.
> The phrase 'HTML email' covers a lot of ground.  Narrowing the phrasing
> may lead to more useful answers.

Well, of course, I suppose you are right.  But context
is everything - I was using the term in the sense I
understood others in the thread were using it, that is
to say the HTML emails generated by popular email
clients.  That is what people most often seem to miss
when they move to encrypted email, and is what prompts
the FAQ on this on other lists.

In any case, my question still stands. I don't see why
anyone would wish to send this stuff - but given that
they do is there a way to let them do it securely?[*] 
I want to understand the technical problems that
others have alluded to better.

[*] Securely here can only mean with the kind of
integrity that gpg provides - i.e. knowing that you are
seeing the message that the sender intended.  If HTML
email opens up other security problems, that's not the
job of gpg to prevent.

Best, N.

