Going GUI...er
Derek Martin
invalid at pizzashack.org
Thu Apr 9 14:32:01 UTC 2020
On Wed, Apr 08, 2020 at 01:17:12PM +0100, Sam Kuper wrote:
> On Tue, Apr 07, 2020 at 09:23:34PM -0500, Derek Martin wrote:
> > On Sun, Apr 05, 2020 at 12:09:55AM +0100, Sam Kuper wrote:
> > Sorry, but this is an archaic way of looking at the problem. People
> > have been doing this for decades now, has become the norm, common
> > practice, and really it is therefore WE who are being inconsiderate by
> > not accepting de facto standards that have been widely adopted for a
> > very long time.
>
> I disagree. You have made a "roads were built for cars" argument*: it
> assumes that today's "de facto standard" trumps historical precedent and
> considerate behaviour.
>
> I've nothing against people sending emails with multiple attachments.
> But expecting the recipient's MUA to parse multiple attachments into
> some kind of combined document is presumptuous, because clearly not
> everyone's MUA does this.
There's a HUUUUUGE difference. Roads existed for millenia before
cars. By the time e-mail was in widespread use (the mid-90's... just
because you may have had it before then does not mean it was wide
spread before that), MIME was already a standard, and the vast
majority of e-mail clients had support for it. The GUI ones had it
built in. So your argument is a straw man.
> And even if yours does: should it? As several people in this thread
> have pointed out (and as is also illustrated in the "Efail" paper by
> Poddebniak et al, linked in my footer), using such an MUA massively
> increases your attack surface.
Just because the current batch of GUI MUAs does this does not mean
yours *needs* to. That would be the beauty of a GUI Mutt--it already
has the philosophy of not automatically exposing you to all those same
attack vectors. After all, text-based Mutt has exactly the same
attack vetctors; it just does not expose you to them by default--you
have to take action to expose yourself to them.
And honestly, most mailers have the ability to avoid these attack
vectors--they just don't by default, because that's what the average
person wants. Mutt users typically are not average e-mail users, and
know better.
--
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address. Replying to it will result in
undeliverable mail due to spam prevention. Sorry for the inconvenience.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-users/attachments/20200409/c400c880/attachment.asc>
More information about the Mutt-users
mailing list