Brand Indicators for Message Identification (BIMI) is even worse than Extended Validation (EV) certificates.
bimigroup.org
$1500/year to purchase a Verified Mark Certificate (VMC) as proof that you own a trademark for a logo in order to have Gmail display it to users.
Conversation
They present it as if it's a way of encouraging adoption of DMARC. Gmail doesn't use an enforcing DMARC policy yet so it fails their own check for BIMI readiness.
Perhaps fix that and add proper authenticated transport encryption support for Gmail instead of this silly nonsense.
1
5
The SVG Tiny Portable/Secure format is neat though. It's a further restricted form of SVG Tiny 1.2 created as part of the BIMI standard.
datatracker.ietf.org/doc/html/draft
Talked about this with last year right before this new standard was available:
Quote Tweet
Replying to @DanielMicay and @RichFelker
The full specification of SVG 2 does actually have the concept of secure and static modes:
w3.org/TR/SVG2/confor
'Secure static mode' disables external references, scripts, declarative animation and interactivity. It's still an insanely complicated specification though.
1
6
SVG Tiny Portable/Secure is SVG Tiny 1.2 without scripts, animations, interactivity, external references of any kind or x/y attributes in the root element.
Most tools don't support it yet so you need to export the most minimal supported format and manually convert. It's easy.
Replying to
SVG Tiny Portable/Secure is a sane vector image format which is certainly not what you'd expect from anything called SVG at this point.
BIMI itself seems really stupid but at least something good came out of them standardizing this. Should start pushing SVG Tiny PS elsewhere.
1
1
3
Can see we have BIMI for grapheneos.org now via bimigroup.org/bimi-generator/. GrapheneOS trademark is in the process of being registered but there's no way in hell we're paying $1500/year to get it verified. I'd even struggle to justify paying $25/year for this silly feature.
1
3
Replying to
I never really thought about this.... but why does the image format have scripting in its standard?
1
Replying to
It was intended to be usable as a replacement for Adobe Flash without involving HTML. It supports animations and interactivity along with generic scripting capabilities.
SVG even had networking support standardized before JS WebSockets were a thing:
w3.org/TR/2004/WD-SVG
2
1
Show replies