Werner Koch wk@gnupg.org writes:
[ Then please set an MFT header and my MUA will comply. That discussion is > 15 years old and we have since then a working solution.]
[ Sorry but I have no idea how to do that. However, I added "reply to list" support to gnus a few years ago, it might be useful even if you don't want to use it: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627516 ]
It is a blacklist: For example: The code loaded from external source may not open a file on user's host. A whitelist would clearly state what the code is allowed to do. But then it wouldn't be a useful language anymore.
My system has always had a webcam but javascript only got to access it when chromium implemented support for it. You might call this a blacklist but at least to me it looks like a whitelist. Wikipedia is not a good reference but http://en.wikipedia.org/wiki/JavaScript does talk about "granting privileges" which also would imply whitelist and not blacklist :/
See the point about non-free plugins :(
That usually makes the audit easy: We can't audit it thus it shall not be used.
Unfortunately the reality is that it does get used.
Here in the sense that it is a well-defined set of code which comes with a signature and can be tracked back to an audit or a trusted source. It can't: MitM attacks on PKIX are commonplace. Does anyone really believe that the NSA has no means to ask another secret service to have one of their national CAs issue a malicious certificate? Come on: That system has been corrupted by the PKI business ever since. Nobody can expect that they ever withstood requests from the slouch hats.
No comment ;-)