On Jo, 11 iul 19, 12:31:07, John Crawley wrote: > > I was never trying to claim that it was OK to send messages as html - I > always use plain text myself - but I thought there might be something to be > said for user agents that could deal with html in some sane way, and without > exposing the recipient to attacks. Simply not following any web links would > be enough I'd have thought? Or are there some more subtle attack paths? Yes, look up the EFAIL vulnerability (I posted a link in another message). It enabled a potential attacker to trick e-mail clients parsing html e-mail to decrypt an (old) encrypted message. In most cases users only had to open the message. Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser
Attachment:
signature.asc
Description: PGP signature