> On 10.01.2024 at 21:59 Randolf Richardson, Postmaster via mailop > wrote: > > > What's missing from BIMI in its current form? The option > > for mail server oparators to use the same TLS certificates that > > we're already using for our mail servers (and web servers, > > and FTP servers, etc.). > > A server certificate only verifies domain ownership. It does > not include any logos, so it's not suitable to authenticate a > BIMI selector. Therefor a server certificate cannot be used > as evidence whether a domain is entitled to use a certain logo > or not.
Correct. The requirement that a logo's source be encrypted by a TLS (SSL) certificate that is valid for the domain of the sender is doable, though. Disallowing redirection to a different domain name (that's not covered by SNI) is also doable. I've also seen some discussion on using a TLS or SSL certificate to calculate a signature or fingerprint on an arbitrarily selected file, which cover examples of using OpenSSL commands to do it, but I haven't looked into this. > Besides AFAIK the list price for a Verified Mark Certificate > is 1500$. Depending on other contracts which a company > might already have with the CA they'd probably receive a 10% to > 90% discount. Even without any discount, 1500$ per year is > not really something which I would consider a barrier for > anyone but very small shops. Even a 3 person business will > probably pay more for coffee than for the certificate per year. The price for registering a trademark in Canada is CAD$347.35 (USD$259.72 according to Google on 2024-Jan-13), and, as I recall, this covers 15 years (and then it needs to be renewed again for the next 15 years, probably for the same price or whatever the registration price is at that time). The cost for BIMI's "Verified Mark" certificate for 15 years (to match the registered trademark cost) would be USD$22,500.00, which is approximately 87 times more expensive. People are right to be concerned about the costs of certifying their BIMI logos because it's so far out of touch with what it acdtually costs to get a registered trademark. If the cost of the certificates was more in line with the cost of registering a trademark, then people probably wouldn't be so inclined to wonder if this might be yet another money making scheme. -- Postmaster - postmas...@inter-corporate.com Randolf Richardson, CNA - rand...@inter-corporate.com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada https://www.inter-corporate.com/ _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop