[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: More thoughts on From: lines
On Wed, 26 Feb 2003, Michael Gurski wrote:
> Are there differences in MIME encoding for different MUAs, or just the
> content boundary delimiters? If it's the latter, I can see a
> demime/remime (or just straight re-write) that could happen at the
> last hop. It's probably not solvable if it's the former, at least
> with existing MUAs.
We discussed this at the BoF. Conclusion: all MIME header creation and
canonicalization must be done at the sending end.
> My opinion would be "warn the users that attachments could compromise
> their anonymity".
Further, and this is a nit at this point: warn them, and allow them to
permanently disable the warning. We need to balance warning users of the
risks, with scaring them away from the system to instead use a less-secure
system which doesn't warn at all.
> I suspect that a determined user will find some way to attach data,
> even if the system officially disallows attachments. In the world
> today, I don't think most people would be willing to use a system
> where they couldn't use attachments of some sort.
Agreed.
> I think if users are educated about the possible anonymity
> compromises, they can make their own decisions on the matter. Instead
> of attaching v-cards, or Word docs that might have identifying info,
> the ones truly concerned would likely disable v-cards, and maybe
> print-and-scan, or export docs to text and attach those. Or, as Peter
> mentioned elsewhere, track down tools to sanitize their documents
> before attaching. But definitely, plugins or documentation should
> warn users that what they're doing might conceivably allow them to be
> traced.