On 05/16/2018 08:59 PM, Werner Koch wrote: > On Thu, 17 May 2018 01:39, miri...@riseup.net said: > >> However, I get that many users expect HTML, embedded images and links. > > Well they expect a bit of markup like *bold* or _underlined_ or > /italics/ and links like https://gnupg.org but any decent MUA already > supports this for plain text mails. Proper GUI based MUAs also support > inline images (which are part of MIME); I used such MUAs already in in > the mid 90ies. > > I doubt that mail is the right thing to employ fancy CSS stuff, though.
I usually just look at text. But this has moved me to look at source for some commercial messages. They're basically sending websites. Insane. >> So the best solution would be a tweak to GnuPG that breaks HTML and >> embedded remote content. That would protect against Efail, no matter how > > gpg will nver touch the payload. If MUAs want to sanitize HTML, I won't > have a problem with that. Upon reflection, I get that. So yes, in MUAs. But however implemented, the lesson here is that HTML and executable code in messages aren't compatible with gpg security. > Shalom-Salam, > > Werner > _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users