- From: Charles McCathie Nevile <chaals@yandex-team.ru>
- Date: Thu, 06 Feb 2014 15:01:56 +0400
- To: "Neil Jenkins" <neilj@fastmail.fm>
- Cc: "HTML for Email Community Group" <public-htmail@w3.org>
This topic is in teh realms of wishful thinking for the future, so I'll
let it sit after this and get on with work useful for today. But…
On Thu, 06 Feb 2014 11:49:46 +0400, Neil Jenkins <neilj@fastmail.fm> wrote:
> On Thu, 6 Feb 2014, at 06:43 PM, Charles McCathie Nevile wrote:
>> On the other hand, the combination of discussions about sanitising
>> CSS, and signing Javascript for inclusion, makes me wonder if there is
>> any value in having links to known (signed), sanitised CSS.
>
> Known to whom? Signed and verified how? Trusted why? What standard of
> sanitisation? What if different services (for some reason) require
> different things to be sanitised to avoid conflicts? Not saying this
> isn't an interesting idea, but there're a lot of difficulties to
> overcome to make it work (and, of course, you still have the whole issue
> of tracking with *any* remote content).
The rough thing I am thinking is that different email systems will have
different cleaning rules. But if a stylesheet can be checked, e.g. by
passing it through the fantasy services fastmail.fm/styleChecker and
mail.yandex.ru/FilterStyleBugs and gmail.com/CompromisedStyleScrubber and
so on, the acme broadsheet company, who sends me email every 3 days, could
publish the signed version of their style sheet, and various providers
would only have to check the signature to know they have approved the
content.
This could actually enable reduced tracking - I could rely on my provider
(who already knows where my email comes from) to enrich the content
without overly identifying me. At least in the case of fastmail, yandex,
etc, who have a lot of customers. Anonymity might not work so well in my
account on chaals.com - although if fastmail were handling that, they
could make the request as fastmail and effectively anonymise me.
On the other hand, reduced tracking often enables reduced value - in
today's internet identity is the currency we often pay for services. There
is a separate idea going around this group about whether there are methods
of tracking that are reliable and allow for users to opt out.
Anyway, enough of the idea for now - back to work on the more boring
practical stuff...
cheers
Chaals
--
Charles McCathie Nevile - Consultant (web standards) CTO Office, Yandex
chaals@yandex-team.ru Find more at http://yandex.com
Received on Thursday, 6 February 2014 11:02:26 UTC