RE: Minutes, 16 February 2011 WebFonts WG telcon

From: Sylvain Galineau <sylvaing@microsoft.com>
Date: Sun, 20 Feb 2011 17:11:24 +0000
To: Maciej Stachowiak <mjs@apple.com>
CC: "Levantovsky, Vladimir" <Vladimir.Levantovsky@MonotypeImaging.com>, Håkon Wium Lie <howcome@opera.com>, "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>
Message-ID: <045A765940533D4CA4933A4A7E32597E2AB62B09@TK5EX14MBXC120.redmond.corp.microsoft.com>
[Maciej Stachowiak:]
> I think once we have a high volume of content making use of this feature,
> we will not be able to change the default in either direction. We can't
> change a loose default to a restrictive default, or pages are likely to
> break. But if we change a restrictive default to a loose default, it will
> probably introduce security issues. That's why I am treating this as a
> "for all time" decision and not a "for today" decision.

Sorry, I don't understand this. The default behavior currently implemented
by IE and Firefox is stricter, not looser. It was also agreed that in no
way did this mechanism represent a security measure as an attacker is 
perfectly able to set the HTTP header required for the font to be delivered.

So what are we talking about?
Received on Sunday, 20 February 2011 17:11:57 UTC