On Mon, Dec 12, 2011 at 11:38 AM, Murray S. Kucherawy <[email protected]> wrote: >> -----Original Message----- >> From: Adam Barth [mailto:[email protected]] >> Sent: Monday, December 12, 2011 11:35 AM >> To: Yoav Nir >> Cc: Murray S. Kucherawy; [email protected] >> Subject: Re: [websec] Same Origins and email >> >> The questions you're asking don't really have universal answers. >> These behaviors aren't standardized and so are likely to vary from MUA >> to MUA. > > I think that's why I'm asking the question. > > I wonder if it would be a useful area to explore in terms of standardization > since MUA-based HTML pages suffer many of the same attacks as regular > browsers do. That seems to be an attack surface that's largely unaddressed > here.
I really have an opinion on that topic. If you'd like to move in that direction, I'd recommend talking with implementors of MUAs to see if they'd be interested in implementing such a standard. Adam _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
