Re: [Last-Call] Last Call: <draft-crocker-inreply-react-06.txt> (React: Indicating Summary Reaction to a Message) to Experimental RFC

In article <26ACFB13-7850-4880-99C1-B1B1FF9E13EA@xxxxxxxxx> you write:
>I don’t know enough to know the prevalence of the unicode emoji set and whether base-emojis are needed.  I leave
>that to you.  I would just add a few words to indicate why you defined the set and when you would expect it to be
>used.  That’s all.

It is my impression that if a system can display any emoji at all,
it's likely to display all of them, give or take recent additions. I
still don't see the utility of base-emoji.

>Here’s what I would suggest:
>
>An attacker may transmit one, several, or many messages that lack any form of authentication, indicating one or
>more reactions, thus causing the MUA to mislead the reader into believing a general sentiment to be something other
>than what it is, or that a specific reaction is other than what it is.  The ultimate appropriate remediation is to
>authenticate the sender of a reaction against a trusted authority. Short of that, MUA designers are advised to
>consider only processing reactions that pass a heuristic test as to their likely authenticity.

You'd need a pretty sophisticated attacker to know enough about
someone's mail stream to send fake responses that matched up well
enough to look plausible. I suppose you could attack mailing list mail
that way, but again that's nothing new. If I wanted, I could send a
dozen replies to this list faking the addresses of previous senders
saying that your suggestion is brilliant, or not.

R's,
John

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
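
The "heuristic test" in the suggested text quoted above, sketched as an added example (not part of the original message or of the draft). It assumes a reaction is marked with `Content-Disposition: reaction` and names its target in `In-Reply-To`; the authserv-id, addresses and Message-IDs are constructed, and the `Authentication-Results` parsing is deliberately simplified.

```python
import email
from email import policy
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"           # assumed: our own server's authserv-id
KNOWN_MESSAGE_IDS = {"<orig-1@example.org>"}  # constructed: Message-IDs in the mailbox

def dmarc_pass_for(msg, from_domain):
    """True if our own server recorded dmarc=pass aligned with the From domain."""
    for value in msg.get_all("Authentication-Results", []):
        fields = [f.strip().lower() for f in str(value).split(";")]
        if fields[0].split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # stamped by someone else, so possibly forged by the sender
        for field in fields[1:]:
            tokens = field.split()
            if "dmarc=pass" in tokens and f"header.from={from_domain}" in tokens:
                return True
    return False

def accept_reaction(raw):
    """Return (accepted, reason) for one raw message that may carry a reaction."""
    msg = email.message_from_string(raw, policy=policy.default)
    if not any(p.get_content_disposition() == "reaction" for p in msg.walk()):
        return False, "not a reaction"
    if str(msg.get("In-Reply-To", "")).strip() not in KNOWN_MESSAGE_IDS:
        return False, "refers to unknown message"
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not domain or not dmarc_pass_for(msg, domain):
        return False, "sender not authenticated"
    return True, "ok"

def sample(auth_results="", in_reply_to="<orig-1@example.org>"):
    """Build a constructed reaction message for the checks below."""
    return (
        "From: Alice <alice@example.org>\n"
        f"In-Reply-To: {in_reply_to}\n"
        f"{auth_results}"
        "MIME-Version: 1.0\n"
        "Content-Type: text/plain; charset=utf-8\n"
        "Content-Disposition: reaction\n"
        "\n"
        "\U0001F44D\n"
    )

if __name__ == "__main__":
    good = "Authentication-Results: mx.example.net; dmarc=pass header.from=example.org\n"
    forged = "Authentication-Results: mx.attacker.example; dmarc=pass header.from=example.org\n"
    for label, raw in [("good", sample(good)), ("forged", sample(forged)), ("none", sample())]:
        print(label, accept_reaction(raw))
```

A reaction that fails the check is better shown as an ordinary message than silently dropped, so the reader still sees what arrived.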
