Brand Indicators for Message Identification (BIMI) is even worse than Extended Validation (EV) certificates.
bimigroup.org
$1500/year to purchase a Verified Mark Certificate (VMC) as proof that you own a trademark for a logo in order to have Gmail display it to users.
Conversation
They present it as if it's a way of encouraging adoption of DMARC. Gmail doesn't use an enforcing DMARC policy yet so it fails their own check for BIMI readiness.
Perhaps fix that and add proper authenticated transport encryption support for Gmail instead of this silly nonsense.
1
5
The SVG Tiny Portable/Secure format is neat though. It's a further restricted form of SVG Tiny 1.2 created as part of the BIMI standard.
datatracker.ietf.org/doc/html/draft
Talked about this with last year right before this new standard was available:
Quote Tweet
Replying to @DanielMicay and @RichFelker
The full specification of SVG 2 does actually have the concept of secure and static modes:
w3.org/TR/SVG2/confor
'Secure static mode' disables external references, scripts, declarative animation and interactivity. It's still an insanely complicated specification though.
1
6
SVG Tiny Portable/Secure is SVG Tiny 1.2 without scripts, animations, interactivity, external references of any kind or x/y attributes in the root element.
Most tools don't support it yet so you need to export the most minimal supported format and manually convert. It's easy.
2
1
2
Replying to
I never really thought about this.... but why does the image format have scripting in its standard?
1
Replying to
It was intended to be usable as a replacement for Adobe Flash without involving HTML. It supports animations and interactivity along with generic scripting capabilities.
SVG even had networking support standardized before JS WebSockets were a thing:
w3.org/TR/2004/WD-SVG
2
1
SVG Tiny 1.2 is a far more reasonable standard than normal SVG and SVG Tiny Portable/Secure strips out the animation/interactivity/scripting support among other things.
I have some minor annoyances with SVG Tiny P/S such as how they forgot to allow viewport-fill for the root.
Replying to
“[...] and thus includes a subset of the features included in SVG 1.1 Full, [...]”
That sounds a lot more like an image format, and if it's a subset there shouldn't be any problems reading an SVG tiny with a reader that supports SVG full
w3.org/TR/SVGTiny12/
1
Replying to
SVG Tiny 1.2 still has animation, interactivity, scripting, etc. though. SVG Tiny Portable/Secure (datatracker.ietf.org/doc/html/draft) is a subset of SVG Tiny 1.2 with all of that stripped out so that it's actually a vector image format instead of a complex dynamic application format.
1
1
Show replies