On Thu, 2016-01-07 at 20:00 -0800, Daniel Kahn Gillmor wrote: > Can you make your security concerns about handling inbox messages > more > explicit? > > Is the concern that inboxes contain untrusted content that could > somehow > compromise the MUA? or that since the inbox messages are more recent > (i've got stuff in my inbox that's a year old, ha ha) so therefore > actions taken in response to them necessarily give lower-latency > feedback to a network observer? Or some other security concern?
Nothing so advanced or concrete really. It's more that: First, some messages should automatically be deleted after a limited period of time. And some should be retained. This seems like a complex thing to explain to the user. And something that's likely to bite them. Pond colors the message differently, but that's harder to do if there is a lot of data. So maybe presenting the single system as two or more applications makes this easier. Second, user interface people might be handicapped by fears of messing with the way that privacy defaults were expressed to the user, so giving them a mostly compatible code base in which to go wild might simplify development. I subjectively experience using my MUA rather differently when I'm doing searches as opposed to just reading incoming mail, so this didn't seem *completely* off the wall. At the same time, current MUAs are extremely well optimized to do both these jobs, so it's kinda hard to imagine anything different. Jeff p.s. Just an example where something similar does work. OS X keeps contacts, address book, and calendar as separate applications that share data. This works much better than how Debian bundles everything into evolution. Those are pretty different types of data though.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
