Although I can appreciate the spartan/techy/nerdy/hackery vibe of using plaintext, from a practical point of view I also think it is, frankly, a bit silly. We have this great thing called the hypertext markup language that allows us to link documents together and add a layer of semantic meaning, and do it in a way that is user friendly and accessible, things I care strongly about.
The dot txt extension is probably also an implicit reference to robots.txt and humans.txt, but we have to understand that robots.txt are mainly to be interpreted by, well, robots, and humans.txt and security.txt by humans. So, different rules apply, and .txt actually does not make much sense for security.txt (and actually even less for humans.txt), because it is very limited in semantics and accessibility.
A simple solution would be to allow HTML. If we still want to somewhat force a format, and allow automated systems to be able to do some parsing, we could redefine the proposed fields in a microformat and/or JSON-LD, which should then be applied to the HTML. (These are things I would be willing to write proposals for.)
Proposed allowed end-points:
/security.txt/security.html/security (as either text/html or text/plain)/.well-known/security.txt/.well-known/security.html/.well-known/security (as either text/html or text/plain)
The standard would still be called security.txt, and authors would still be allowed to use plaintext, but this would open up the possibility for authors that are more concerned with accessibility and usability to hop on the bandwagon.
P.S. I actually really like this project a lot, and have been implementing security.txt (in plaintext) on dozens of websites; I just feel like I need to make a case for HTML, because this trend of using plaintext for humans feels regressive.
Although I can appreciate the spartan/techy/nerdy/hackery vibe of using plaintext, from a practical point of view I also think it is, frankly, a bit silly. We have this great thing called the hypertext markup language that allows us to link documents together and add a layer of semantic meaning, and do it in a way that is user friendly and accessible, things I care strongly about.
The dot txt extension is probably also an implicit reference to
robots.txtandhumans.txt, but we have to understand thatrobots.txtare mainly to be interpreted by, well, robots, andhumans.txtandsecurity.txtby humans. So, different rules apply, and.txtactually does not make much sense forsecurity.txt(and actually even less forhumans.txt), because it is very limited in semantics and accessibility.A simple solution would be to allow HTML. If we still want to somewhat force a format, and allow automated systems to be able to do some parsing, we could redefine the proposed fields in a microformat and/or JSON-LD, which should then be applied to the HTML. (These are things I would be willing to write proposals for.)
Proposed allowed end-points:
/security.txt/security.html/security(as eithertext/htmlortext/plain)/.well-known/security.txt/.well-known/security.html/.well-known/security(as eithertext/htmlortext/plain)The standard would still be called security.txt, and authors would still be allowed to use plaintext, but this would open up the possibility for authors that are more concerned with accessibility and usability to hop on the bandwagon.
P.S. I actually really like this project a lot, and have been implementing
security.txt(in plaintext) on dozens of websites; I just feel like I need to make a case for HTML, because this trend of using plaintext for humans feels regressive.