Secure Coding mailing list archives

RE: Hypothetical design question


From: Nick Lothian <nl () essential com au>
Date: Wed, 28 Jan 2004 15:38:27 +0000


> In other words, could an email client be designed and implemented that would
> satisfy both the users and the security requirements?  Or, is the problem too
> difficult without sacrificing some functionality?


I think the problem is too difficult.

Given the email infrastructure we have at the moment, I think the only way
to make a secure email client is to make one that only renders plain text,
and strips all attachments. That is probably too much of a loss in
functionality.

In dream mode, though: One hypothetical idea is to have some kind of
persistent codebase on all attachments received. The operating system would
then need to enforce permission checks based on this codebase (that could
get pretty tricky - what happens when an attached Word document is opened?
How does the OS decide what calls are being done by the program, and what is
being done by the document?).

Nick
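The "render only plain text, strip all attachments" policy described in the message above, written out as a small rendering filter. This is an added example and not code from the thread or from any mail client; the sample message is constructed, and the function name render_plain_text_only is an assumption. It uses only Python's standard email package: every part that is not an inline text/plain body is dropped, and the dropped parts are recorded so the client can show the user what it refused to render.

```python
"""Plain-text-only mail rendering policy (added example; not from the thread)."""
from email import message_from_bytes, policy

# Constructed sample message (not a real captured mail): one text/plain body,
# an HTML alternative, and a binary attachment.
SAMPLE_RAW = b"""\
From: alice@example.invalid
To: bob@example.invalid
Subject: quarterly report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain; charset="utf-8"

Please find the report attached.
--inner
Content-Type: text/html; charset="utf-8"

<html><body><p>Please find the report <b>attached</b>.</p></body></html>
--inner--
--outer
Content-Type: application/msword; name="report.doc"
Content-Disposition: attachment; filename="report.doc"
Content-Transfer-Encoding: base64

QUJDREVGRw==
--outer--
"""


def render_plain_text_only(raw: bytes) -> tuple[str, list[str]]:
    """Return (rendered_text, stripped_parts) for a raw RFC 5322 message.

    rendered_text concatenates only the text/plain parts that are not marked
    as attachments. Every other leaf part (HTML, images, documents, scripts)
    is dropped, and its content type plus filename is recorded so the client
    can tell the user what it declined to show. Nothing that was stripped is
    ever decoded, so no attachment content is interpreted by this function.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    rendered: list[str] = []
    stripped: list[str] = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        is_attachment = part.get_content_disposition() == "attachment"
        if ctype == "text/plain" and not is_attachment:
            rendered.append(part.get_content())
        else:
            label = ctype
            filename = part.get_filename()
            if filename:
                label += f" ({filename})"
            stripped.append(label)
    return "".join(rendered), stripped


if __name__ == "__main__":
    text, dropped = render_plain_text_only(SAMPLE_RAW)
    print("Rendered body:\n" + text)
    print("Stripped parts:", dropped)
```

Because the filter walks the parsed MIME tree rather than searching the raw bytes, nested multipart/alternative bodies are handled the same way as top-level ones: the text/plain alternative is shown, the text/html sibling is dropped along with the attachment.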
