Re: HTML for email

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/03/2021 15:55, Nick Hilliard wrote:
ned+ietf@xxxxxxxxxxxxxxxxx wrote on 02/03/2021 14:08:
And like it or not, outside the IETF the HTML horse left the barn a
long time back.
Bear in mind that even within the IETF, plenty of people view the entire
HTML email debate as flogging the proverbial dead horse, and when it
rolls around every several months, welcomes it in the same way that you
might welcome an outbreak of cold sores.

We can chose to deal with or ignore it, but getting
it back in the barn is not an option.
Looking at this from a different perspective, in the twenty-something
years of discussion since Content-Type: text/html first appeared, have
any actionable and viable suggestions emerged about how to deal with
html email, other than stripping it off in the archived emails?
Strip it off before sending it out to list subscribers!  Perhaps an 
option on the subscription for those who want to risk the HTML.  I would 
leave the HTML in the archive as I have more control over when and how I 
access that.
The issue as I first said is privacy.  I think that the IETF, along with 
other parts of the industry have done a bad job of alerting users to the 
potential for evil actors with a variety of protocols.  There is a lot 
at the moment around me based on an older technology, phones, on the 
ability of evil actors to forge the number that appears on caller 
display to be that of a trusted organisation, government, financial 
institution and so on.  There is also the trick that the caller does not 
put the phone down so when you call back your trusted institution to 
verify the caller, you get the evil actor's mate.  And I read that the 
bill for this is racking up billions, typically via push-payment fraud.
Here, the idea that opening an e-mail, or letting it be implicitly 
opened for you by the system, enables someone to track when and where 
you are, via HTML, will, I think, come as a surprise to many and, given 
the attention that privacy has garnered in the IETF, that surprise will 
be unwelcome.  As I said, given all that attention, I remain at a loss 
that the IETF does nothing about it, allows it on IETF lists, does not 
publish text/html considered harmful.  I do not see a way that evil 
actors can exploit this for e.g. financial gain, but then, I do not have 
the mindset of an evil actor - doubtless they are working on it.
Tom Petch

Maybe the people who are upset about html email could form a working
group, take the discussion there and write up an ID with observations
and recommendations for html emails at the ietf?

Nick
.




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux