The idea that you can combine full hypertext and security is absurd. IMNHO this is the most significant problem with email (and many "secure" messaging stacks that allow "rich content"). Sure, it's possible to define a secure subset of html (basically bold/italics/underline, tables and headers).
But everyone adds transclusion (in-line rendering of linked content, which leaks data and opens up the door to bugs), fonts (ie: programs), images (historically not a great idea), and some even Javascript!
And that's not even all the muas that runs in the browser, and try to expose some safe subset of itself to be used for rendering the mail body.
So, html Email is insecure, when contrasted with plain text email.
Using pgp as "code signing" for hypertext applications ("html emails") isn't nearly enough.
Sadly, afaik there's no agreed "safe" rich text format for mail. Absurdly rtf would probably be better than html mail.
Anyway, I don't see how anyone could expect html mail to be safe in the first place.
But everyone adds transclusion (in-line rendering of linked content, which leaks data and opens up the door to bugs), fonts (ie: programs), images (historically not a great idea), and some even Javascript!
And that's not even all the muas that runs in the browser, and try to expose some safe subset of itself to be used for rendering the mail body.
So, html Email is insecure, when contrasted with plain text email.
Using pgp as "code signing" for hypertext applications ("html emails") isn't nearly enough.
Sadly, afaik there's no agreed "safe" rich text format for mail. Absurdly rtf would probably be better than html mail.
Anyway, I don't see how anyone could expect html mail to be safe in the first place.