On Mon, Dec 12, 2011 at 11:52 AM, Adam Barth <[email protected]> wrote: > On Mon, Dec 12, 2011 at 11:38 AM, Murray S. Kucherawy <[email protected]> > wrote: >>> -----Original Message----- >>> From: Adam Barth [mailto:[email protected]] >>> Sent: Monday, December 12, 2011 11:35 AM >>> To: Yoav Nir >>> Cc: Murray S. Kucherawy; [email protected] >>> Subject: Re: [websec] Same Origins and email >>> >>> The questions you're asking don't really have universal answers. >>> These behaviors aren't standardized and so are likely to vary from MUA >>> to MUA. >> >> I think that's why I'm asking the question. >> >> I wonder if it would be a useful area to explore in terms of standardization >> since MUA-based HTML pages suffer many of the same attacks as regular >> browsers do. That seems to be an attack surface that's largely unaddressed >> here. > > I
^^ don't :) > really have an opinion on that topic. If you'd like to move in that > direction, I'd recommend talking with implementors of MUAs to see if > they'd be interested in implementing such a standard. > > Adam _______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
