- From: Levantovsky, Vladimir <Vladimir.Levantovsky@MonotypeImaging.com>
- Date: Thu, 2 Jul 2009 15:51:47 -0400
- To: "Mikko Rantalainen" <mikko.rantalainen@peda.net>, "www-font" <www-font@w3.org>
On Thursday, July 02, 2009 9:55 AM Mikko Rantalainen wrote: > > Levantovsky, Vladimir wrote: > > EOT version 1.0 doesn’t even have a place for root string to be > > inserted. I’d assume that the only difference between EOT 1.0 and EOT > > Lite would be compression (which is optional for authors to use but > is > > required for UA to support). I guess EOT Lite just removes that > > option. > > I want to make sure we're on the same map here. Do you think that > Monotype and other commercial font vendors would be happy with EOT Lite > given the following status: > > (1) EOT Lite font files do not include rootstrings > (2) EOT Lite font files do not include compression > (3) EOT Lite font files do not require same-origin restrictions > > Note that (1) and (2) are required so that Firefox, Safari and Opera > can implement EOT Lite. The (3) is required for MSIE compatibility, so > we have no choices here. I think I can live without root strings if another mechanism for access control (CORS) is present. Older IE versions will not support it but new browser versions (Safari, Firefox and others, including IE9) would, and this would be sufficient. On point (2), I can live without it but I truly believe that compression is useful and needed, and it would be a mistake not to do it - with MTX offered with unrestricted license any browser can implement it. > > Combining (1), (2) and (3) gets you the result that any EOT Lite font > file accessible on the net can be linked by any CSS file anywhere. And > that CSS file can be linked by an HTML page from anywhere. > > You do realize that this does not prevent linking and using EOT Lite > font files without a proper license and there's no protection of any > kind except that one cannot simply copy EOT Lite font file into his > operating system's font folder? One can copy an EOT Lite font file from > a remote server to his own server and it would work just fine. Like I said earlier, I think that same-origin restriction and CORS could be part of this EOT Lite solution even though older IE versions will not support it. Another, less desirable but possible solution is to use a Referrer value on a server side to prevent hot-linking. > > If this is all okay, I'm for it. In practice, the results are: > > (A) true interoperability between browsers (including MSIE) > (B) prevent interoperability with the OS (for now) > > The (A) comes with the cost of requiring a new font format (for > everyone else but Microsoft) but it has the benefit of being compatible > with MSIE. The (B) is a side-effect of (A) and can be fixed by OS > vendors. > > -- > Mikko
Received on Thursday, 2 July 2009 19:52:23 UTC