W3C home > Mailing lists > Public > www-font@w3.org > July to September 1996

Re: Protecting WebFonts

From: Martin J Duerst <mduerst@ifi.unizh.ch>
Date: Tue, 27 Aug 1996 17:54:48 +0200 (MET DST)
To: gdr@cataneo.bitstream.com (Gary Ruben)
Cc: evb@knoware.nl, www-font@w3.org
Message-ID: <"josef.ifi..422:27.07.96.15.55.03"@ifi.unizh.ch>
Gary Ruben wrote:

>Security does not need to rely on secrets. A public key/private key
>encryption system uses published algorithms and has withstood the
>scrutiny of dozens, if not hundreds, of experts in cryptography.
>Everyone generally believes that the mechanism is as secure as we can
>possibly hope for - only governments have the resources required to
>break it.

Security does not need to rely on secrecy for encription passwords.
Thus you can encode and send an encripted credit card number to
a company and you are sure that nobody else will get this credit
card number given that the company keeps the docoding key and
the number itself secret.
But if you send your credit card number to a phony company, they
will do with it whatever they want, and tell it to everybody, even if
you sent it to them so that only they were able to decode it.

The same applies to fonts, only that for fonts, you have to send
them to whoever wants to view a page, not just to companies
accepted by credit card issuers, and that you don't have such
a quick and efficient feedback loop as with credit cards that
lets you detect problems within a month. Also, it's easy to
issue a new credit card number, but it's not possible to issue
a new font.

So encription is of much less help for protecting fonts than
for protecting credit card numbers and other things.

Regards,	Martin.
Received on Tuesday, 27 August 1996 11:55:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:01:37 UTC