Breaking MIME concatenation

Alexander Veit list at nezwerg.de
Sat May 19 20:18:25 CEST 2018


On 16.05.2018 at 06:21, Patrick Brunschwig wrote:
> I have actually thought through this during a sleepless night, and I
> believe that it could work as a quick and easy to implement *short term*
> measure until the mail clients have fixed the HTML rendering.

I do not think that HTML rendering could be fixed in a way that it would
meet general security requirements.

Mail clients rely on different rendering/browser engines that implement
HTML/CSS as a living standard and with different features and
interpretations of these standards.  And probably none of these engines
have been designed with the security implications of tampered-with HTML
source code in mind. In my opinion this cannot be the basis for a secure
mail client.


A decrypted message part should never be embedded or displayed in other
message parts of the same or any other message. And by embedded I mean
embedded neither in raw nor parsed message parts (such as HTML DOMs).  A
decrypted message should always be displayed in its own secured sandbox.

I'm quite sure that not following these rules will inevitably lead to doom.

-- 
Just my 2 cents
Alex
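
The isolation rule described in the message above, sketched as a rendering plan in Python. This is an added example, not part of the original post or of any mail client's code: each encrypted part (a PGP/MIME container or inline armor) is assigned a view of its own and is never concatenated with cleartext siblings. The function names, view labels and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy

PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def is_encrypted(part):
    """True for a PGP/MIME container or a text part carrying inline armor."""
    if part.get_content_type() == "multipart/encrypted":
        return True
    if part.get_content_maintype() == "text":
        return PGP_ARMOR in part.get_content()
    return False

def render_plan(raw):
    """Return (units, mixed); each unit is (path, content_type, view).
    Cleartext leaves share one view; each encrypted part gets its own."""
    units = []

    def walk(part, path):
        if is_encrypted(part):
            # Stop here: this subtree is decrypted and displayed on its own.
            units.append((path, part.get_content_type(), "isolated-" + path))
        elif part.is_multipart():
            for i, child in enumerate(part.iter_parts(), 1):
                walk(child, f"{path}.{i}")
        else:
            units.append((path, part.get_content_type(), "cleartext"))

    walk(message_from_bytes(raw, policy=policy.default), "1")
    views = {view for _, _, view in units}
    return units, "cleartext" in views and len(views) > 1

# Constructed sample: an armored part placed between two HTML parts.
SAMPLE = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b"\r\n\r\n'
    b"--b\r\nContent-Type: text/html\r\n\r\n<p>intro</p>\r\n"
    b"--b\r\nContent-Type: text/plain\r\n\r\n"
    b"-----BEGIN PGP MESSAGE-----\r\n\r\n(placeholder)\r\n"
    b"-----END PGP MESSAGE-----\r\n"
    b"--b\r\nContent-Type: text/html\r\n\r\n<p>footer</p>\r\n"
    b"--b--\r\n"
)

if __name__ == "__main__":
    units, mixed = render_plan(SAMPLE)
    for unit in units:
        print(*unit)
    print("encrypted part mixed with cleartext parts:", mixed)
```

A `mixed` result of `True` marks a message whose encrypted part sits beside cleartext parts, which is the case where the plaintext must not be merged into one rendered document.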


