Re: HTML mail



On 2019-07-11 16:10, Andrei POPESCU wrote:
> On Jo, 11 iul 19, 15:52:56, John Crawley wrote:
>> On 2019-07-11 15:25, Andrei POPESCU wrote:
>>> On Jo, 11 iul 19, 12:31:07, John Crawley wrote:
>>>> ...user agents that could deal with html in some sane way, and without
>>>> exposing the recipient to attacks. Simply not following any web links would
>>>> be enough I'd have thought? Or are there some more subtle attack paths?
>>>
>>> Yes, look up the EFAIL vulnerability (I posted a link in another
>>> message). It enabled a potential attacker to trick e-mail clients
>>> parsing html e-mail to decrypt an (old) encrypted message.
>>>
>>> In most cases users only had to open the message.
>> Since enforcing no-html, and particularly no-malevolent-html on all incoming
>> mail is not an option available to us, the only remaining choices for a
>> "good" MUA would then be:
>> A) Display html as-is, tags and all
>> B) Strip out the tags and display what's left, like html2text
>>
>> I think B) is the better option.
>
> C) Treat *all* message parts as potentially harmful, not just some
> attachments. If additional parsing is needed (check signature, parse
> html, etc.) do so in a safe way.
>
> Of course, this is not easy to do, especially if you insist on parsing
> all the bells and whistles in the html/css, which is probably why so
> many clients were vulnerable.

Fair enough. Easier if you don't insist on having all that stuff.
Thunderbird, anyway, lets you view message bodies as "Simple html", which I'm hoping avoids most of the vulnerabilities. Maybe it's something similar to the mutt/mailcap config Reco posted earlier.

--
John
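
Option B from the thread (strip the tags and show what is left), as an added example that is not from either poster or from any MUA's code: it renders the text/html parts of a message as plain text without fetching anything, and lists the references a full HTML renderer would have loaded just by opening the mail. The names `TextOnly`, `render_safely`, `AUTO_FETCH` and the sample message are assumptions made for the illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# (tag, attribute) pairs a renderer loads on open, with no click needed.
AUTO_FETCH = {("img", "src"), ("link", "href"), ("iframe", "src"),
              ("script", "src"), ("body", "background"), ("object", "data")}
SKIP = {"script", "style", "head"}  # their content is never shown as text

class TextOnly(HTMLParser):
    """Option B: keep text, drop tags; record (never fetch) remote refs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.text, self.remote, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in SKIP:
            self._skip += 1
        if tag in ("p", "br", "div"):
            self.text.append("\n")
        self.remote += [(tag, v) for k, v in attrs if (tag, k) in AUTO_FETCH and v]

    def handle_endtag(self, tag):
        if tag in SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def render_safely(raw_message):
    """Return (plain_text, remote_refs) over all text/html parts."""
    parser = TextOnly()
    for part in message_from_string(raw_message, policy=policy.default).walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    parser.close()
    lines = (l.strip() for l in "".join(parser.text).splitlines())
    return "\n".join(l for l in lines if l), parser.remote

# Constructed sample message (subject and URLs are placeholders).
SAMPLE = """\
Subject: constructed sample
Content-Type: text/html; charset="utf-8"

<html><head><style>p {color: red}</style></head><body>
<p>Hello <b>world</b> &amp; friends</p>
<img src="http://tracker.example/pixel.gif?id=42">
<a href="http://example.org/page">a link</a></body></html>
"""
```

The `<a href>` is not reported because it only loads when the reader follows it; the `<img src>` is, because a full renderer would request it on open.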

