Re: MIME::Tools Perl module and virus scanners

On Thu, 6 Jun 2002, Kee Hinckley wrote:

> At 9:08 AM -0400 6/4/02, Wietse Venema wrote:
> >The proper approach is to eliminate such ambiguity, by normalizing
> >data, that is, by transforming messages into a form that avoids
> >all the grey areas where implementations err, or where RFCs are
> >ambiguous.

> Which is non-trivial, and also runs the risk of taking things that
> passed a scanner and turning them into something dangerous.

How so?  Assuming that (1) the scanner and the MUA agree on what
"dangerous" means, and that (2) both the MUA and the scanner agree on
the interpretation of the scanner's normalized output, then Venema's
suggestion seems safe.

While (2) should be achievable except with highly unreasonable MUA's,
you have a point that it might be wrong to assume (1).

> I would go the other route with a scanner/interpreter.  If the input
> doesn't match your understanding of the standard--reject it.  Actually,
> I was going to say, "or turn it into plain text", but there again we
> run into the problem of software which is overly happy to interpret
> what the remote sender "meant".  I really don't think there's any
> other safe solution.

The safe solution is to use MUA's and operating systems which do not
permit executable content in e-mail messages and which do not encode
file types in file names.  However, every time I bring that up, people
say that it's not feasible.

--
David.
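
Added example, not part of the original thread: a minimal sketch of the "reject input that doesn't match your understanding of the standard" approach quoted above, written against Python's standard-library email parser rather than MIME::Tools. The function names (`ambiguities`, `verdict`) and the sample messages are constructed for illustration.

```python
import email
import re

# Structural headers that must appear at most once per MIME entity.
SINGLETON = ("mime-version", "content-type", "content-transfer-encoding",
             "content-disposition")
KNOWN_CTE = {"7bit", "8bit", "binary", "quoted-printable", "base64"}
PARAM = re.compile(r";\s*([\w*.-]+)\s*=")


def ambiguities(part, path="root"):
    """List the reasons two parsers could disagree about this MIME entity."""
    found = []
    for name in SINGLETON:
        # First-wins and last-wins parsers diverge on a repeated header.
        if len(part.get_all(name, [])) > 1:
            found.append(f"{path}: duplicate {name} header")
    # Same divergence for a repeated parameter such as boundary= or name=.
    # Deliberately crude: text inside a quoted value can also match, which
    # only makes the check stricter.
    names = [n.lower() for n in PARAM.findall(str(part.get("content-type", "")))]
    for n in sorted({n for n in names if names.count(n) > 1}):
        found.append(f"{path}: repeated Content-Type parameter {n}")
    cte = str(part.get("content-transfer-encoding", "7bit")).strip().lower()
    if cte not in KNOWN_CTE:
        found.append(f"{path}: unknown transfer encoding {cte!r}")
    # Structural problems the stdlib parser silently recovered from.
    found += [f"{path}: {type(d).__name__}" for d in part.defects]
    if part.is_multipart():
        for i, child in enumerate(part.get_payload(), 1):
            found += ambiguities(child, f"{path}.{i}")
    return found


def verdict(raw):
    """Reject on any ambiguity instead of guessing what the sender meant."""
    problems = ambiguities(email.message_from_bytes(raw))
    return ("reject", problems) if problems else ("accept", [])


# Constructed sample messages (not taken from the thread).
CLEAN = (b"MIME-Version: 1.0\n"
         b'Content-Type: multipart/mixed; boundary="b1"\n\n'
         b"--b1\nContent-Type: text/plain\n\nhello\n--b1--\n")
AMBIGUOUS = (b"MIME-Version: 1.0\n"
             b'Content-Type: multipart/mixed; boundary="b1"; boundary="b2"\n\n'
             b"--b1\nContent-Type: text/plain\n"
             b"Content-Type: application/octet-stream\n"
             b"Content-Transfer-Encoding: base64x\n\nhello\n--b1--\n")
```

The check only covers header-level and boundary-level ambiguity; it does not decide what content counts as "dangerous", which is the point (1) raised in the message.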

