[Bimi] Re: Verified Mark Certificates with SVGs not compliant with the Tiny PS profile
"Brotman, Alex" <Alex_Brotman@comcast.com> Sun, 26 May 2024 23:10 UTC
Return-Path: <Alex_Brotman@comcast.com>
X-Original-To: bimi@ietfa.amsl.com
Delivered-To: bimi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6661C14F6A0 for <bimi@ietfa.amsl.com>; Sun, 26 May 2024 16:10:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm)"; dkim=pass (1024-bit key) header.d=comcastcorp.onmicrosoft.com header.b="cKf2Wu7u"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tn2buWHeyy7f for <bimi@ietfa.amsl.com>; Sun, 26 May 2024 16:10:34 -0700 (PDT)
Received: from mx0b-00143702.pphosted.com (mx0b-00143702.pphosted.com [148.163.141.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 46BA0C14F61A for <bimi@ietf.org>; Sun, 26 May 2024 16:10:33 -0700 (PDT)
Received: from pps.filterd (m0184890.ppops.net [127.0.0.1]) by mx0b-00143702.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 44QN1pka009355; Sun, 26 May 2024 19:10:28 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=content-transfer-encoding:content-type:date:from:in-reply-to:message-id:mime-version:references:subject:to; s=20190412; bh=s6BLMa1CzeFyAUtK+b5Qj+cCbPZAuGv7tFGzCgyOPlA=; b=z4HnxVxhjUspN1aZebv91rkYdgbWwjMHy7cCFxcm9VqMSvE1yPVGRG6FS9Z4H8b4yvus KRUan00bPwxaSe3dUtaakck8gYj+UAUVPCSqQ1sVv1zkeum76+Ll77xFHz7QskqbsF5O JkKeGUgQM5acJ9r3ZTVzPJueKVu6b6uW3da+C+H5CAQJ6VUDb9WkeCwp/IoRHJEfAErp R6yH+4Zt14gUIAm9HkFW2zb9oMdm66mDwsLZSduNIfPLoreusmE/GkexOLbbAyV8OTll 00lC6xfnNwuek6ntZpRACpigbf64+3xErF9k76bq7pPyi+I1c2mTDqNkAtLU00CYK3+P Nw==
Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2173.outbound.protection.outlook.com [104.47.58.173]) by mx0b-00143702.pphosted.com (PPS) with ESMTPS id 3ybc3gnt2d-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sun, 26 May 2024 19:10:27 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=djm4bFbT+idJwLWugf2iJAyQmzi4F+DDXoHEOp6eMFw5R0rVwntjTMdiJ/8ZVmKMRlcKp+V6kYy/gRB0XfyNPldn54wBJmBaxAEVGdJUdosLol+tFHSP5gKfq2rA8MIQDTMdofmOMN2k4s0bo8RweJACPyNsWxGr6FHyZwE0juhNGWNx6doyB7bPCZVuKmiE8lPTH+phlMVnq3MABESH0ZOoquvTr7yaK3kERn2GYSkoIY8YrH3dXTUFcsUGEUoH8JiUhpN8Z00ekcOkczTyW230JnFfrueIAqME1lLajd4pbAs5JACZA2ytKycr6vtQSFZ9LBgSVD9vN5r0SZUOlw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=s6BLMa1CzeFyAUtK+b5Qj+cCbPZAuGv7tFGzCgyOPlA=; b=J6vTfvTb2ber5bHquc+iuQrn8IhHwosKVlec/cj+nIUTBvY30YoAPC4sDv6BJuwchnvqIbJkRdRWi76GkS/g52nRpkBU/bFv2oBaiUaRsoPJ9A0iHY+4jpt1q9abU82Xz7Yqv6X0iI4oIU0eLrcNH+hPhGHSOtpdxz/klDdzBJ6Hq+Y+R9gIts1LHUpfTvykp/ccM54LpwAyQdVkVsa6LY05DGmKwflxFtBMvOnxLlWOLSwmKEBrGYDlrSrZb++lr8dFEowGGl0/gOG8OgdgPNsVstdheq7bjj8lwFERrzmDsGL4VOhFT1ro8+cB5TF4YRkxqjvZdA3kmMKMk7WqKw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=comcast.com; dmarc=pass action=none header.from=comcast.com; dkim=pass header.d=comcast.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastcorp.onmicrosoft.com; s=selector1-comcastcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=s6BLMa1CzeFyAUtK+b5Qj+cCbPZAuGv7tFGzCgyOPlA=; b=cKf2Wu7ubFA3ka9C8Au+ZxcA0SbhNbuJO92V2QDgltKneF/LzQGSsH+yBhIORBQ8Eyk1W9a8jS/62jKNboO6iDakwYoNomj0kfY1l/ymLkyhngkbFO3OR4yjSlxoglC92ZNkWijyVaabBhT/nHXTTrSpU5gOcYU/+7nEP2UhX5U=
Received: from MN2PR11MB4351.namprd11.prod.outlook.com (2603:10b6:208:193::31) by DM4PR11MB7301.namprd11.prod.outlook.com (2603:10b6:8:10a::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7611.29; Sun, 26 May 2024 23:10:18 +0000
Received: from MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::840:973a:24a:9353]) by MN2PR11MB4351.namprd11.prod.outlook.com ([fe80::840:973a:24a:9353%5]) with mapi id 15.20.7611.025; Sun, 26 May 2024 23:10:18 +0000
From: "Brotman, Alex" <Alex_Brotman@comcast.com>
To: Hanno Böck <hanno@hboeck.de>, "bimi@ietf.org" <bimi@ietf.org>
Thread-Topic: [Bimi] Verified Mark Certificates with SVGs not compliant with the Tiny PS profile
Thread-Index: AQHar08zO2qy9PPTR0uu/hPUNK5sUbGqI0fQ
Date: Sun, 26 May 2024 23:10:17 +0000
Message-ID: <MN2PR11MB435164600A8E7C7EC70D2826F7F72@MN2PR11MB4351.namprd11.prod.outlook.com>
References: <20240526112810.5774423f@computer>
In-Reply-To: <20240526112810.5774423f@computer>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_ActionId=0eb7e348-9601-4f64-b9ad-f1d80ae49df6;MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_ContentBits=0;MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_Enabled=true;MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_Method=Standard;MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_Name=Confidential (C);MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_SetDate=2024-05-26T23:03:40Z;MSIP_Label_15652fe2-2b59-4d95-925c-ee86d789ff67_SiteId=906aefe9-76a7-4f65-b82d-5ec20775d5aa;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MN2PR11MB4351:EE_|DM4PR11MB7301:EE_
x-ms-office365-filtering-correlation-id: 3d89ac3e-a70e-49e9-79d6-08dc7dd9024d
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230031|1800799015|376005|7093399003|366007|38070700009;
x-microsoft-antispam-message-info: Pc29XnUmctP655/Py2/XGNgv22S0MnTi1nHRKL+Uj+1QX2qCoU/U5S4FkRLApYhWRYqVyRFNS1sP7kmgB8m7OYpba4pbAuAyz81oCr0qMmrmBY4hpdAgECHVHcRBXV8EWS0SW381Ko7nhjAVItJRflGItnEUtyezgFYGjSSnBkqvwvIdgZB40uDt6wyEPM+y8OqsOvpruVrOq0jks9zfyRMW7vSgUh2WIoEEBtHqDkfijdgUnso6qM3UjNv8zSxWhVxXhj6Z1x12lYUo+r2P7iw1Vt9+c3nYEeL0D7IUypCOjNLXvgofu1Uqivtq2pjoYtkCVA6PKekz2a3m7ty4g1RK/yZvhsTRb50EWSXJJIDhvskiY52UkR+XZyHaiBIqq6PfYtYXBDwyCtYbS59wpq3ir1KwK+DimFQKcFG3Kc35IuULvrXeekZrPp6qcFuitDhvBu47hXa3V2bdjoKFLr60yN/ObYH0XM3Qu+WYLkKizDJIm4ltfqFmxS3hbllembM+qL0j9cIBrNsoLH3NuOy3eYJQ3KdYoPQW4z/+L5kdA9Dq6vlDnQrMNpUG+Zgn8yvDdxkJNbXoN7RNfuTAln9yYuhWSgZ73YUJVU9vjD8mavkDGcSvd5Si2iYh8t0vBU0P2rshdxjOGu/0lpVBrqFqyoRmeWwVOjQVdSKO/IGvlLQFhhodCuG7cqYzslvllEJHFsQRcuyagylRp69S0c/sy6jxoXazX/lmSHE9lIvvCY5pKqc3Pl+Pa1RpS5e5nnRKk67pe2d7Z6LGFBwjJIgQb7CKSW+dGMgvMHUGamvOi19s5B2sQrVAc9Sdcm76oqXwkgzWHDVz1OlrDMH4TedI4PYwpJbFGbVbPhzpG02CSUbijS7r6+quv8vZ78007xzCpndCcqc4Aqi1Dnb2aDrU8NTHPQ7gy/2H/CbpfLwazvQ0qHmqsLbGTMwpVvX2VdisbbXWJR8zqStcVjq/G52Q779zrKw0pi8hdcLqf0scrw4AIYhBgaXhVOeN1yypReV02gJAZ+AmUSY6lsQFjHIYZ52U8P866JqQ6W+sMMHWaJW0VNxCG3oriBdr9cE0+6rIlTDSk15XNaM9aCiqR7UmNjDQ6fBM75qTHGPiiufFBEMnWbL/7dU7CtqJdkg6LIm0ewz4QuRo7lyVUmUvnHl8lNyu7/FdvYQAk6kvUuBqwYFYO2UbYNijlnbLwD8R/hYnH3/mrcmMmHAZS7Nm2VDMvboDxTJ1DDA5/pb9WoLe0TlyZcqbuK+2md9uaCMVLhmVYHLd3XpRE1lF6fftIUmqCzc6ov7aQYnEENl44nR2mUAaLkZNHaDb50INmVxt
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MN2PR11MB4351.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(1800799015)(376005)(7093399003)(366007)(38070700009);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: GRG36AIlBalxP/I+xxo8w3vjPWlNCWUWo4nVZUZDfKTg0xVzhRddxyMFSZx8RwZ6rTmueZDTKGnj3hI4VvI6WhC9Rw1CAW6Jy4xKbST6Icjn8Y0kjLlv79pH2aFBnWGpWneBTH0aD/Gyrk334t1oMB+6IfuoJSABuOsl7EaAbN2++pX+3kdCrWFAcpWNpU2+SG2JEta1nLjrXjinql6OXW3ZdYmMt0Pdo0TyE8rVHQ1z4bEQEjrxL2CZcbTE8/+wgUiYp3FKl2RFLjLw9VXjtaj5jDFxbHd+JXXdL3PWOA9WCtVbz/WkAmgPlO1lhaKlFPjB5eo4lD8jRuOBwKfMx3q0m9k3SPUBocKDIaLENBnFd72Bxuyx23Ec7TzG1P5a+TDtc1ql2fboyakVOWWKqxhfdvPSbQi+qZ+qrN7cShU0ciedVxjVGX4meWdDSGII690scR+JDOzCHoMKm7GlGIDQt8HH44c2RU9A4Vw6+dfqp1g1N2akN+D3sZWvl4quhxWVedddRBPZisKYW5M828sDjBOmKDdkqPD4KUPbHMO91OJwx+Lak0yxZO+Bb3VSgrbfK6m0AQ7nUIzLHMwI52QrxCE5wxTtG6MuBWl7viKxSZgwj1KMQSHWQSFjV6oR1KgPXISEVDbhAWtRXm4vRUH9tH1TCQCXdg3uqfHfr3pR8udKxT+Je2T4KCmsuyqaxGswKrPEtye+Xg5aEslbpGfKbrU9SYFkrVHaLbDVw+kbmlZIhy4H+R2gnKecerlAaBS8k39GF/l7J5xfA4pV0RCpNfY9NlyjXnoeJMXO2fg3y3KeJemEY77qNyfIEn2tZgMdfUq1zVdjvrxwM8Q0UqZxL0lB9jUqglJaJSj4TrLI5KFnJOtxw5TrCEOWgy6oXdsBPrmnSqzlDu5nhWZjSRG6ReU2DmiDbx43bi08yHEliKLf+AJjC8AtccHJVkawB2G1VBkUzI6V55CPchFiL+yUpClv0IaubxECAOBkDjxbps3GiV4t2lGfZ13QSEO35JWKyqK8WWUdZci3bh//yZBBNx1MWF09ZVWH56f0VA72BLI/XXvQ2TIR1wt7kZlhoP3g3Z+7tpBAg6yxJ6euUXPHtB/gHDzworKNu7y3nGNK1mD0y1KDi1QiqmS1I9Ipm/hSUBaxIfaZ9HzCOWwEfX1ypvbsx7P0cjLPsLLHwhyVwW3X0IZ3soro0lcOHtMmg3bRHJdAauJs9dRxdSoA0a9lAFToFV3Nr2e6vt3BxtdwDjU0lt9LBWGu813171Jwyr4MvlkK45rm1H2+sqzjcBGrH1iay+fhFzlnSgtX3gPvYwWxMMRjCvQmOHJP9VBI5RFDNsDp9gyc1Ymll2HZnUZlfM1WdfXNhyYJQFFqgipDPieKRgD5R3CqqEsPQ09+k3s8D+Ug9jUA940xShPGR68upMgTVVD7wKzqzAsASB3tvOoy8O0H16MZdJ3Ifr3ncYe5Zp0f9rfg5/gf7+ZlELIK66qGb75TzeRb1ccLsLiyFz9qHc2yrE1cGr7mVmNZV/X5JnRbiTNwRc71nR+Xuke3h9w96VWZ9hYWcTx2VFmTg++k2w3mPze/CMLcABEgMmef5elFVlS5lX8/ZeJdAcBpwuypN19Xl8E7HXveZp28dxdrnQArnuJ+7EbfAVXS
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: comcast.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB4351.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3d89ac3e-a70e-49e9-79d6-08dc7dd9024d
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 May 2024 23:10:17.9426 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: Ns7P5/2n61Qdr65raa8Fhoguac0sU34XwJhcdXNzlseCpUpBapyOAWUR5Etp7FjJaKW44CTaERDswrB569f+jKxICbERf3iH9Rb7tY+ovoU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB7301
X-Proofpoint-GUID: dJm9xmzvps3D_BttI2RudKrLGVBprMpG
X-Proofpoint-ORIG-GUID: dJm9xmzvps3D_BttI2RudKrLGVBprMpG
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.650,FMLib:17.12.28.16 definitions=2024-05-26_09,2024-05-24_01,2024-05-17_01
X-Proofpoint-Spam-Reason: safe
Message-ID-Hash: AJFTON33GZGEQEYVY7T6PDP4R2QNAXQO
X-Message-ID-Hash: AJFTON33GZGEQEYVY7T6PDP4R2QNAXQO
X-MailFrom: Alex_Brotman@comcast.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [Bimi] Re: Verified Mark Certificates with SVGs not compliant with the Tiny PS profile
List-Id: Brand Indicators for Message Identification <bimi.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/bimi/SUWq0v6WDGANKqzeTKO-2iPACFM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bimi>
List-Help: <mailto:bimi-request@ietf.org?subject=help>
List-Owner: <mailto:bimi-owner@ietf.org>
List-Post: <mailto:bimi@ietf.org>
List-Subscribe: <mailto:bimi-join@ietf.org>
List-Unsubscribe: <mailto:bimi-leave@ietf.org>
Hanno, There had been a ticket open with Adobe to properly support PS, though, that doesn't seem likely at the moment. However, recently, they did deploy an update [1] as of 28.5 (released in April) to Illustrator to no longer include those x/y attributes (when using SVG Tiny) that had been causing problems. I realize that any SVGs would need to be re-generated to remove those x/y attributes. It should be noted that those x/y attributes would cause the documents to also fail validation for SVG Tiny. All that being said, I'd be interested to take a peek at a few, if you're willing to share the domains. Feel free to send them privately if you prefer. 1: https://illustrator.uservoice.com/forums/601447-illustrator-desktop-bugs/suggestions/41177212-svg-tiny-1-2-x-y-attributes-in-svg-element -- Alex Brotman Sr. Engineer, Anti-Abuse & Messaging Policy Comcast > -----Original Message----- > From: Hanno Böck <hanno@hboeck.de> > Sent: Sunday, May 26, 2024 5:28 AM > To: bimi@ietf.org > Subject: [Bimi] Verified Mark Certificates with SVGs not compliant with the Tiny > PS profile > > Hi, > > I discovered that SVG logos embedded in many Verified Mark Certificates were > not compliant with the VMC Requirements. > > A security feature of BIMI and VMCs is that the SVG logos should be validated > with the SVG Tiny PS (Portable/Secure) [1] profile, a subset of SVG provided as a > Relax NG schema. This seems like a reasonable idea, as SVG images come with a > range of possible security risks (XML security risks, XSS). > > However, it does not appear that this is taken very seriously within the BIMI > ecosystem. I discovered over 200 VMCs, issued over a time span of more than > four years, with logos not compliant with the SVG Tiny PS profile. Furthermore, it > does not appear that the largest e-mail provider implementing BIMI - Gmail - > validates SVG images according to the specification. > > Between 2019 and today, Entrust has issued 223 certificates with non-compliant > SVGs, more than half of them not yet expired. Digicert has issued two certificates > with non-compliant SVGs and two more with an invalid data url. > > These non-compliant SVGs were likely mistakes and not part of an attack. There > are recommendations by BIMIGroup and Gmail to manually edit SVG files created > by Adobe Illustrator to comply with this profile. Unsurprisingly, this is not very > reliable. > > You can find a quick and dirty script to validate SVGs in VMCs here [3]. You can > also find a full list of affected certificates via their crt.sh IDs there in the > subdirectory testdata. > > I reported the issue to Entrust's problem-reporting mail addresses on 2024-05-17. > I received an irritating autoreply indicating that this mail address was only meant > for existing Entrust customers. ("We are unable to associate your email address > with an active account or order number and are unable to determine your > support contract.") However, Entrust later confirmed that this is their correct > problem reporting address, and the issue was addressed. > > I had "accidentally" not reported all unexpired certs with invalid SVGs that I had > found and added a few certs with valid SVG files. (I may have done that to test > whether Entrust would notice it.) > > To their credit, Entrust did not revoke the certificates with valid SVGs and they > revoked all the certificates with invalid SVGs, including those I had not reported. > Entrust revoked all affected certificates as of 2024-05-23. This is slightly longer > than the 5 days that the VMC requirements demand[2]. > > The affected Digicert certificates were all expired. Therefore, I have not reported > them. > > I also noticed that certificates with those not validating SVGs would still be > displayed within Gmail. I reported this to Gmail, but they appear to have decided > that it is not an issue deserving their attention. ("We've decided that the issue you > reported is not severe enough for us to track it as a security bug.") > > I was surprised by this reaction. I would expect security-conscious implementors > of BIMI to validate SVGs against the security profile. > While I assume Gmail has additional security measures like sandboxing their SVG > renderer, there is an important indirect effect that such a validation would have: > it is very likely that this issue would have been detected much sooner if the invalid > logos had not been displayed in Gmail. > > Ultimately, the most noteworthy part of this issue is that it stayed undetected for > so long. Over a timeframe of more than four years, Entrust has issued over 200 > certificates with SVG files not validating against the security profile. Entrust did > not notice it, and neither did anyone else. It does not appear anyone is > monitoring the VMC/BIMI ecosystem for compliance with the specs and security > requirements. > > > [1] https://urldefense.com/v3/__https://bimigroup.org/resources/SVG_PS- > latest.rnc.txt__;!!CQl3mcHX2A!GpM0XUO_Vl07CUJ7oWbLZFHVe1STYYR5SJ1H2G > tsXIgbJvzy-ZiTutuGb9aMsJaJDZA9MvDhh9h2IBSP12X34fM$ > [2] > https://urldefense.com/v3/__https://bimigroup.org/resources/VMC_Requiremen > ts_latest.pdf__;!!CQl3mcHX2A!GpM0XUO_Vl07CUJ7oWbLZFHVe1STYYR5SJ1H2G > tsXIgbJvzy-ZiTutuGb9aMsJaJDZA9MvDhh9h2IBSPKtbwqxk$ > [3] > https://urldefense.com/v3/__https://github.com/hannob/vmcval__;!!CQl3mcHX > 2A!GpM0XUO_Vl07CUJ7oWbLZFHVe1STYYR5SJ1H2GtsXIgbJvzy- > ZiTutuGb9aMsJaJDZA9MvDhh9h2IBSP6vcW0xw$ > > -- > Hanno Böck - Independent security researcher > https://urldefense.com/v3/__https://itsec.hboeck.de/__;!!CQl3mcHX2A!GpM0X > UO_Vl07CUJ7oWbLZFHVe1STYYR5SJ1H2GtsXIgbJvzy- > ZiTutuGb9aMsJaJDZA9MvDhh9h2IBSPj5luxag$ > > -- > bimi mailing list -- bimi@ietf.org > To unsubscribe send an email to bimi-leave@ietf.org
- [Bimi] Verified Mark Certificates with SVGs not c… Hanno Böck
- [Bimi] Re: Verified Mark Certificates with SVGs n… Brotman, Alex
- [Bimi] Re: Verified Mark Certificates with SVGs n… Hanno Böck