**** BEGIN LOGGING AT Mon May 06 02:59:57 2019
May 06 06:43:31 <DocScrutinizer05> I'm pretty late on this one... nevertheless: using CSS and/or HTML in email may cause massive risk to compromise crypto privacy/signature https://arxiv.org/ftp/arxiv/papers/1904/1904.07550.pdf  https://github.com/RUB-NDS/Johnny-You-Are-Fired
May 06 06:52:50 <Maxdamantus> By "using", you mean "having it enabled in the client", right?
May 06 06:53:29 <Maxdamantus> Don't think there's much you can do to influence that security as a sender of email.
May 06 06:54:18 <Maxdamantus> other than not using HTML so that it's more convenient for recipients to disable it altogether.
May 06 06:55:05 <KotCzarny> html/js emails are evil incarnate
May 06 06:55:35 <KotCzarny> anyone sending/enabling them is asking for troubles
May 06 06:55:41 <Oksana> JS, sure. But what about hyperlinks? Are they evil?
May 06 06:56:00 <KotCzarny> i would say it's up for the client/viewer to parse the links
May 06 06:56:17 <KotCzarny> since they are easy to match http.+://[^ ] etc
May 06 06:57:05 <KotCzarny> even text terminal/irc can detect and activate links for clicking in raw text
May 06 06:57:30 <KotCzarny> so it wouldnt even be an issue for people using them and some text client (pine and friends)
May 06 07:16:26 <Oksana> :grimace: I would rather have them sent out as some kind of mark up, not HTML, but something like <https://en.wikipedia.org/>, because auto-detection of links plainly misfires. Especially where people insert a dot after a link, and it gets appended to URL. Or a space inside the URL makes the auto-detect break up in the wrong place
**** ENDING LOGGING AT Tue May 07 02:59:57 2019