They present it as if it's a way of encouraging adoption of DMARC. Gmail doesn't use an enforcing DMARC policy yet so it fails their own check for BIMI readiness.
Perhaps fix that and add proper authenticated transport encryption support for Gmail instead of this silly nonsense.
Conversation
The SVG Tiny Portable/Secure format is neat though. It's a further restricted form of SVG Tiny 1.2 created as part of the BIMI standard.
datatracker.ietf.org/doc/html/draft
Talked about this with last year right before this new standard was available:
Quote Tweet
Replying to @DanielMicay and @RichFelker
The full specification of SVG 2 does actually have the concept of secure and static modes:
w3.org/TR/SVG2/confor
'Secure static mode' disables external references, scripts, declarative animation and interactivity. It's still an insanely complicated specification though.
1
6
SVG Tiny Portable/Secure is SVG Tiny 1.2 without scripts, animations, interactivity, external references of any kind or x/y attributes in the root element.
Most tools don't support it yet so you need to export the most minimal supported format and manually convert. It's easy.
2
1
2
Replying to
I never really thought about this.... but why does the image format have scripting in its standard?
1
Replying to
It was intended to be usable as a replacement for Adobe Flash without involving HTML. It supports animations and interactivity along with generic scripting capabilities.
SVG even had networking support standardized before JS WebSockets were a thing:
w3.org/TR/2004/WD-SVG
2
1
SVG Tiny 1.2 is a far more reasonable standard than normal SVG and SVG Tiny Portable/Secure strips out the animation/interactivity/scripting support among other things.
I have some minor annoyances with SVG Tiny P/S such as how they forgot to allow viewport-fill for the root.
1
1
Replying to
“[...] and thus includes a subset of the features included in SVG 1.1 Full, [...]”
That sounds a lot more like an image format, and if it's a subset there shouldn't be any problems reading an SVG tiny with a reader that supports SVG full
w3.org/TR/SVGTiny12/
1
Replying to
SVG Tiny 1.2 still has animation, interactivity, scripting, etc. though. SVG Tiny Portable/Secure (datatracker.ietf.org/doc/html/draft) is a subset of SVG Tiny 1.2 with all of that stripped out so that it's actually a vector image format instead of a complex dynamic application format.
1
1
They also stripped out a bunch of the overly complex vector image support and a ton of other things. There are a couple things like viewport-fill for the root which should be supported and are strangely absent. I think it just a mistake in defining the grammar and I emailed them.
1
1
Replying to
wait the "tiny" format still has all of those features?
That seems a bit... convoluted
Reminds me of how Adobe Reader has a dedicated "Read Mode", quite ironic I would say
1
Replying to
SVG Tiny 1.2 still has those things. SVG Tiny Portable/Secure is the first sane form of SVG. They released the first draft of SVG Tiny Portable/Secure in July 2020 and the 2nd draft recently came out in March 2021. It was made to have a far safer form of SVG for BIMI to use.
Since these will get rendered in email clients so it should really be something portable and secure.
Typical legacy SVG 1.1 is insanely complex and even SVG Tiny 1.2 is far too complicated to have reasonably complete and secure implementations. They had to make this sane subset.
1
Replying to
I see, that's some interesting backstory.
I get your point about the format being a failed experiment. I feel like this progress should have been the other way around, i.e. defining the most minimal vector image format as a foundation, and expanding upon that.
1
Show replies