[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More thoughts on From: lines



On Wed, 26 Feb 2003, Adam Shostack wrote:

> On Wed, Feb 26, 2003 at 09:40:12AM -0800, Len Sassaman wrote:
> | How much do we want to worry about sanitizing user-provided attachments in
> | various formats? We can't simply say "no attachments", as this will have
> | severe negative impact on the system's adoption and use.
> 
> That way madness lies.  Create a site where users can find cleansing
> software.  Don't delay mixminion for it.

Yes, better only agree on a list of Header lines that may be set by the
user:

To
Subject
References
In-Reply-To
Mime-Version
Content-Type
Content-Disposition


On how clients should create them in The One Canonical and secure way
should be a different document.

Peter
-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

Attachment: pgp00013.pgp
Description: PGP signature