RE: Question on DSIG and head flag 11

Hi Cosimo,

Thank you for reviewing the spec and for your comments. You are right that fonts with TrueType and CFF outlines are handled differently by WOFF2. Fonts with TrueType outline will always undergo the modifying transform, which preserves the functionality of a font but will inevitably have an effect on the binary representation of the font data and, therefore, is guaranteed to invalidate the checksums and digital signatures. This is why OpenType fonts have bit 11 of the 'head' table flags field defined to indicate that such condition has occurred.

It is also true that CFF outlines are not subjected to the same modifying transform as TTF would be, and are only compressed using lossless compression algorithm (Brotli); however, as you correctly mentioned in your email the fonts with CFF outlines may still be subjected to modifications such as table reordering (which may happen on either the encoder side, as is the case with the OTS implementation, or in the decoder if the tables are reordered to comply with OpenType/OFF recommendations). Although the binary content of individual font tables will be preserved 100%, the table order changes will have an effect on table directory, causing the checksum and DSIG to be invalidated as a result.

The WG has discussed this at lengths, and we decided that instead of offering a false sense of security by preserving digital signatures that are most likely be invalidated by WOFF2, we would rather remove them and indicate that a font was subjected to a modifying transform. These changes, when applied to a webfont, don't affect font usability and, as you also pointed out, browsers do not check the integrity of the DSIG table even when it's present. We believe that the WOFF2 process provides quite a few safeguards against possible attempts to manipulate with the font data (and there are many conformance cases when a decoder is required to  invalidate the font if data integrity is compromised) - removal of the DSIG table doesn’t seem to have an effect on anything other than data size. We will review the relevant portions of the spec at the upcoming WG conference call to see if any additional language changes would be needed to clarify the handling of the DSIG.

Thank you and best regards,
Vladimir


-----Original Message-----
From: Cosimo Lupo [mailto:cosimo.lupo@daltonmaag.com] 
Sent: Tuesday, March 31, 2015 6:44 AM
To: public-webfonts-wg@w3.org
Subject: Question on DSIG and head flag 11

Hello,

I’d like to ask the Working Group about the correct interpretation of two related conformance requirements: namely, to drop the DSIG table from the input font data, and to set the flag 11 from the ‘head’ table.

It is not clear to me whether these requirements apply to TrueType-flavoured fonts only (i.e. containing ‘glyf’ and ‘loca’ tables), or also to CFF-flavoured fonts.

It is my understanding that a CFF-flavoured font does not undergo any "modifying transform" when it is compressed to WOFF2. Brotli (de-)compression is lossless and produce data which is bitwise identical. The only thing that could modify the overall checksum of the decompressed font, compared to the original input font, is a reordering of the table data, since this will change the offset values in the table directory. However, the spec does not say that an encoder should reorder tables, other than requiring loca to follow glyf (plus having them paired in font collections).  

So it appears a bit strange to me that — at least in the reference implementation —, for CFF fonts the only “modifying transform” that might “invalidate the DSIG” is… the very act of dropping of the DSIG!

Not that I like DSIG tables -- and I know that web browsers don’t care about it. But if one wants to get rid of it in WOFF2 fonts, I think the spec should be more clear as to the reasons for dropping it, and whether this equally involves TT- and CFF-flavoured fonts.

The examples put forward in the spec all have to do with TT-flavoured fonts:

> due to certain possible encoding variations (such as e.g. various 
> levels of optimization of outline point coordinates in the 'glyf' 
> table, or difference in offset calculations of the 'loca' table) […]

Finally, about the bit 11 of the ‘head’ flags, I guess that for the same reasons above this only applies to TT-flavoured fonts.

I’d be nice if the spec could be more clear about these two requirements.
Thanks a lot for you work,

--
Cosimo Lupo, Font Design, Dalton Maag Ltd 9th Floor, Blue Star House, 234-240 Stockwell Road, London, SW9 9SP, UK

Mobile: +44 7825 324360  London Office: +44 20 7924 0633

Registered office: Mutfords, Hare Street, Buntingford, SG9 0ED, UK Registered in England and Wales: 3103619

Received on Tuesday, 31 March 2015 14:11:22 UTC