[Bimi] Re: Verified Mark Certificates with SVGs not compliant with the Tiny PS profile
Hanno Böck <hanno@hboeck.de> Mon, 27 May 2024 11:56 UTC
Return-Path: <hanno@hboeck.de>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4478C1840E5 for <bimi@ietfa.amsl.com>; Mon, 27 May 2024 04:56:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hboeck.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zq4nEMU9-8_X for <bimi@ietfa.amsl.com>; Mon, 27 May 2024 04:55:56 -0700 (PDT)
Received: from zucker.schokokeks.org (zucker.schokokeks.org [IPv6:2a01:4f8:121:1ffe:1::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AA338C15107C for <bimi@ietf.org>; Mon, 27 May 2024 04:55:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hboeck.de; s=key1; t=1716810952; bh=89TsZMnGOmRwFJBnl7QWJXIBLk+JGPDIrHf9MHQ3yhk=; h=Date:From:To:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type:Content-Transfer-Encoding; b=KY7gEsYnCUfQ/eLgBOeDgTKQ1Ks7YL02CBF2Da1tVdE7RTWvH0kXKbdQWUbe/t6mu h8xWtnXOtl41R98U8ydsNcdcIWYZrPynk4GYTkvS5KtjyQ3ia5B4KkFyr2QOh48RTR oHHng+O7rv6BwaoCIFWYyCXjH8C+7kG/vo7Sy7j0aAo7/WJOiNKUdSBiAqNmnEt8f4 8x1KmmxmXJBde5vqUUa7PLTAwgJOy3NgGX2KP5gXxfI54s69DZ5pv/SeLxvu59HfWQ OgHlEpz1kjnM5A9CaC8XZ8hovPjEhVb6FBe20zbTGjSr57AOuw/CoBEJrtv3M5ytNJ 5saFuFW2Hi7QQ==
Original-Subject: Re: [Bimi] Re: Verified Mark Certificates with SVGs not compliant with the Tiny PS profile
Author: Hanno Böck <hanno@hboeck.de>
Date: Mon, 27 May 2024 13:55:47 +0200
From: Hanno Böck <hanno@hboeck.de>
To: bimi@ietf.org
Message-ID: <20240527135547.22a2bc78@computer>
In-Reply-To: <MN2PR11MB435164600A8E7C7EC70D2826F7F72@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <20240526112810.5774423f@computer> <MN2PR11MB435164600A8E7C7EC70D2826F7F72@MN2PR11MB4351.namprd11.prod.outlook.com>
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.42; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: CJHRU5URFKB3B74KTLP3CFC3P4M4DUQT
X-Message-ID-Hash: CJHRU5URFKB3B74KTLP3CFC3P4M4DUQT
X-MailFrom: hanno@hboeck.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Bimi] Re: Verified Mark Certificates with SVGs not compliant with the Tiny PS profile
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/JArr2QoK6EE23uGly5XwBJZ1-JE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Owner: <mailto:bimi-owner@ietf.org>
List-Post: <mailto:bimi@ietf.org>
List-Subscribe: <mailto:bimi-join@ietf.org>
List-Unsubscribe: <mailto:bimi-leave@ietf.org>
On Sun, 26 May 2024 23:10:17 +0000 "Brotman, Alex" <Alex_Brotman=40comcast.com@dmarc.ietf.org> wrote: > All that being said, I'd be interested to take a peek at a few, if > you're willing to share the domains. Feel free to send them > privately if you prefer. I've shared all the affected certs here: https://github.com/hannob/vmcval/blob/main/testdata/invalid-digicert.txt https://github.com/hannob/vmcval/blob/main/testdata/invalid-entrust.txt These are IDs from crt.sh, you can access the certs via https://crt.sh/?id=[id] or directly download them via https://crt.sh/?d=[id] You can also use the vmcval script to extract the svgs from the certs: vmcval -s [filename.svg] [cert] -- Hanno Böck - Independent security researcher https://itsec.hboeck.de/
- [Bimi] Verified Mark Certificates with SVGs not c… Hanno Böck
- [Bimi] Re: Verified Mark Certificates with SVGs n… Brotman, Alex
- [Bimi] Re: Verified Mark Certificates with SVGs n… Hanno Böck