Brand Indicators for Message Identification (BIMI) is even worse than Extended Validation (EV) certificates.
bimigroup.org
$1500/year to purchase a Verified Mark Certificate (VMC) as proof that you own a trademark for a logo in order to have Gmail display it to users.
Conversation
They present it as if it's a way of encouraging adoption of DMARC. Gmail doesn't use an enforcing DMARC policy yet so it fails their own check for BIMI readiness.
Perhaps fix that and add proper authenticated transport encryption support for Gmail instead of this silly nonsense.
1
5
The SVG Tiny Portable/Secure format is neat though. It's a further restricted form of SVG Tiny 1.2 created as part of the BIMI standard.
datatracker.ietf.org/doc/html/draft
Talked about this with last year right before this new standard was available:
Quote Tweet
Replying to @DanielMicay and @RichFelker
The full specification of SVG 2 does actually have the concept of secure and static modes:
w3.org/TR/SVG2/confor
'Secure static mode' disables external references, scripts, declarative animation and interactivity. It's still an insanely complicated specification though.
1
6
SVG Tiny Portable/Secure is SVG Tiny 1.2 without scripts, animations, interactivity, external references of any kind or x/y attributes in the root element.
Most tools don't support it yet so you need to export the most minimal supported format and manually convert. It's easy.
2
1
2
Replying to
I never really thought about this.... but why does the image format have scripting in its standard?
1
Replying to
It was intended to be usable as a replacement for Adobe Flash without involving HTML. It supports animations and interactivity along with generic scripting capabilities.
SVG even had networking support standardized before JS WebSockets were a thing:
w3.org/TR/2004/WD-SVG
SVG Tiny 1.2 is a far more reasonable standard than normal SVG and SVG Tiny Portable/Secure strips out the animation/interactivity/scripting support among other things.
I have some minor annoyances with SVG Tiny P/S such as how they forgot to allow viewport-fill for the root.
1
1
Replying to
“[...] and thus includes a subset of the features included in SVG 1.1 Full, [...]”
That sounds a lot more like an image format, and if it's a subset there shouldn't be any problems reading an SVG tiny with a reader that supports SVG full
w3.org/TR/SVGTiny12/
1
Show replies
Replying to
I never knew about the replacing flash part... guess that never properly took off and is sort of redundant now with opengl being accessible through JavaScript
1
Replying to
SVG is as horrifying as HTML or PDF. The vast majority of implementations only provide a small subset of the standard and don't actually provide a full implementation of any profile. Browsers sort of implement SVG 1.1 but they skip a lot of it and don't really do it properly.
1
1
Show replies