On Mon, Aug 21, 2023 at 6:19 AM Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx> wrote:
Right, and these are nice features to have. But HTML in email is a slippery slope. It's hard to draw the line to say exactly how much HTML/CSS/JS/etc. is too much to use in email. And the whole HTML/CSS/JS/etc (and bits of HTTP) environment has been an ongoing attack on users' privacy for decades.
Also, HTML/CSS/JS/etc. weren't designed for repetitive editing such as happens with multiple levels of email replies. A format designed for use in email must have simple rules (that can be reliably implemented on numerous platforms) for generating a reply from a subject message.
It was switch and bait though.
_javascript_ did not exist when we started talking about HTML email and CSS was completely different.
This is a difficult topic to get a handle on because there are multiple uses for mail messaging and SMTP conflates them all. What we are mostly talking about in this thread is discussion. And when you are having a discussion you need to limit the formatting because it is going to get in the way of the formatting supporting the discussion. Discord and Slack have lots of formatting features but I avoid most of them. If users are allowed to specify the color of their texts, my reader can't use it to distinguish speakers.
Discussion is not the only application though. Allowing for richer formatting might well be appropriate in an invoice. Or maybe the use of letterhead should be restricted to registered companies who have gone through some sort of validation process.
On Mon, Aug 21, 2023 at 12:05 PM John Levine <johnl@xxxxxxxxx> wrote:
According to Keith Moore <moore@xxxxxxxxxxxxxxxxxxxx>:
>-=-=-=-=-=-
Oddly, people outside the IETF don't seem to have any problem. Any format
you can add in popular MUAs like Outlook or Thynderbird or webmail like
Gmail or O365 renders fine in all of the others.
It kinda sorta works. I had to try three times to get Gmail to cut and paste the above quote correctly.
I have absolutely no sympathy for the people who insist on using Elm and insist everyone else on the planet pander to their attachment to obsolete technology. And while there are many who do appear to be making that sort of demand, Keith seems to be saying we need a mail markup but we need one built for the purpose rather than just trying to use HTML.
It has occurred to me that one way to solve the issue we are having in Everything, namely a format that is essentially a subset of HTML is going to be easiest to render as HTML by using markdown as the document format.
My goal here is to ensure that every client can render every message sent, including the math markup without opening the door to full HTML in the discussion format. An end-to-end secure client cannot support unrestricted HTML and the long term goal for the reference implementation is to move away from Blazor and make use of a purpose built widget and a direct WebRTC implementation so as to minimize the attack surface. That will mean having two separate tools for Mesh and Web which I think is the right approach because the Web is always going to be about the universe of all information and the Mesh is the safe area.
One technology this suggests we would need is a means of passing off a link to a closed Web subset. So if I click on a link to Fidelity Investments, it doesn't spin up Edge, it spins up a limited version of Edge which is a locked walled garden that isn't visible to any other app on the device.
