W3C home > Mailing lists > Public > www-font@w3.org > October to December 1997

Re: IE4 font security flaw (fwd)

From: Daniel Will-Harris <Daniel@Will-Harris.com>
Date: Fri, 24 Oct 1997 11:22:49 -0700
To: <www-font@w3.org>, "MegaZone" <megazone@livingston.com>
Message-ID: <01bce0a9$d569b220$274204c7@dwh>
>2. I don't agree that they need to fix anything.  Now, my understanding is
>that if the bit were set correctly on the font in the first place, IE is
>no less secure than any other application using the same fonts.  The issue
>is the fonts being downloadable as a distribution system and then being
>hijacked and kept.  But if the font foundaries had set the bit correctly
>to start with it wouldn't be an issue.  It looks to me like the foundaries
>made the mistake, and now you're whining that MS needs to bail them out
>but adding *another* level of control to supercede the one there now.

There's a big difference between embedding a font in a Word or PowerPoint
document and sending it to someone else at an office, and embedding it in a
web page that the world can view and extract from.

At the time embedding bits were set (and the spec was changed several
times--once even after some vendors had already set their fonts), the
"stakes" were far different than they are now.

Your "you've made your bed now lie in it" approach is neither realistic or
fair. When a major player changes the rules, then the other players need an
opportunity to change their strategies, too.

]) /\ |\| | (- |_
--------------------------------------------------
http://www.will-harris.com
Home of EsperFonto
Daniel@Will-Harris.com
Read my new Opinion Column at
http://news.i-us.com/wire/
Received on Friday, 24 October 1997 14:46:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:01:38 UTC