On Wed, 26 Feb 2003, Adam Shostack wrote:
> On Wed, Feb 26, 2003 at 09:40:12AM -0800, Len Sassaman wrote:
> | How much do we want to worry about sanitizing user-provided attachments in
> | various formats? We can't simply say "no attachments", as this will have
> | severe negative impact on the system's adoption and use.
>
> That way madness lies. Create a site where users can find cleansing
> software. Don't delay mixminion for it.

Yes, better to only agree on a list of Header lines that may be set by the
user:

  To
  Subject
  References
  In-Reply-To
  Mime-Version
  Content-Type
  Content-Disposition

How clients should create them in The One Canonical and secure way
should be a different document.

Peter
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
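
The allow-list proposed in the message above, sketched as an exit-side filter. This is an added example, not part of the original post and not Mixminion code. The function name, the one-header-per-name rule and the refusal of raw line breaks are assumptions, and values are assumed to arrive already unfolded.

```python
# Added example: allow-list filter for user-supplied headers at the exit hop.
# The seven names come from the message above; everything else (function
# name, duplicate and CR/LF policy) is an assumption made for this sketch.

ALLOWED = ("To", "Subject", "References", "In-Reply-To",
           "Mime-Version", "Content-Type", "Content-Disposition")
# Header field names are case-insensitive, so match on the lowercased name
# and always emit the canonical spelling.
_CANONICAL = {name.lower(): name for name in ALLOWED}


def filter_headers(pairs):
    """Split (name, value) pairs into (kept, dropped).

    kept    -- list of (canonical_name, value), at most one per name
    dropped -- list of (name, reason) for everything refused
    """
    kept, dropped, seen = [], [], set()
    for name, value in pairs:
        key = name.strip().lower()
        canonical = _CANONICAL.get(key)
        if canonical is None:
            dropped.append((name, "not on allow-list"))
        elif "\r" in value or "\n" in value:
            # A raw line break would let a value smuggle in a second header.
            dropped.append((name, "line break in value"))
        elif key in seen:
            dropped.append((name, "duplicate"))
        else:
            seen.add(key)
            kept.append((canonical, value.strip()))
    return kept, dropped


# Constructed sample input, not taken from any real message.
SAMPLE = [
    ("to", "alice@example.org"),
    ("SUBJECT", "hello"),
    ("X-Mailer", "SomeClient 1.0"),
    ("From", "bob@example.org"),
    ("Subject", "second subject"),
    ("References", "<id1@example.org>\r\nBcc: carol@example.org"),
    ("Content-Type", "text/plain; charset=us-ascii"),
]

if __name__ == "__main__":
    kept, dropped = filter_headers(SAMPLE)
    for name, value in kept:
        print(f"{name}: {value}")
    for name, reason in dropped:
        print(f"dropped {name!r}: {reason}")
```
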