Secure Coding mailing list archives
RE: Hypothetical design question
From: Nick Lothian <nl () essential com au>
Date: Wed, 28 Jan 2004 15:38:27 +0000
In other words, could an email client be designed and implemented that would satisfy both the users and the security requirements? Or, is the problem too difficult without sacrificing some functionality?
I think the problem is too difficult. Given the email infrastructure we have at the moment, I think the only way to make a secure email client it to make one that only renders plain text, and strips all attachments. That is probably too much of a loss in functionality. In dream mode, though: One hypothetical idea is to have some kind of persistent codebase on all attachments received. The operating system would then need to enforce permission checks based on this codebase (that could get pretty tricky - what happens when an attached word document is opened - How does the OS decide what calls are being done by the program, and what is being done by the document?). Nick
Current thread:
- Re: Hypothetical design question, (continued)
- Re: Hypothetical design question Kenneth R. van Wyk (Jan 29)
- Re: Hypothetical design question Paco Hope (Jan 28)
- Re: Hypothetical design question Dave Aronson (Jan 28)
- Re: Hypothetical design question Andreas Saurwein (Jan 28)
- RE: Hypothetical design question Alun Jones (Jan 28)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 02)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- Re: Hypothetical design question Louis Solomon [SteelBytes] (Feb 03)
- RE: Hypothetical design question Jason Wilcox (Feb 03)
- RE: Hypothetical design question Michael S Hines (Feb 02)
- RE: Hypothetical design question ljknews (Jan 28)
- RE: Hypothetical design question Dave Paris (Jan 29)
- RE: Hypothetical design question ljknews (Jan 29)
- Re: Hypothetical design question Paco Hope (Jan 29)
- Re: Hypothetical design question David Harmon (Jan 30)
- RE: Hypothetical design question David Crocker (Jan 30)
- RE: Hypothetical design question Alun Jones (Feb 01)