- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Fri, 3 Jul 2009 15:01:07 -0500
- To: Mikko Rantalainen <mikko.rantalainen@peda.net>
- Cc: "www-font@w3.org" <www-font@w3.org>
On Fri, Jul 3, 2009 at 4:22 AM, Mikko
Rantalainen<mikko.rantalainen@peda.net> wrote:
> Thomas Lord wrote:
>> On Thu, 2009-07-02 at 23:07 +0000, Sylvain Galineau wrote:
>>> For all the rhetoric on this mailing list and others, font
>>> vendors are not asking for DRM. They never did.
>>
>> Microsoft did:
>>
>> http://www.w3.org/Submission/2008/SUBM-EOT-20080305/#RootString
>>
>> 4.3.1 RootString Usage
>> User Agents must validate that the page using the embedded font is
>> within the list of URLs from which the embedded font object may be
>> legitimately referenced.
>
> I agree with Thomas that if W3C recommends a font format, it MUST NOT
> include a requirement ("MUST") for honoring the embedded RootString.
>
> I'd accept a "SHOULD" or "MAY" as in "User Agents SHOULD/MAY validate
> that the page using the embedded font is within the list of URLs from
> which the embedded font object may be legitimately referenced." (This
> allows a vendor to not implement such check for
> interoperability/ideological/any other reasons.)
>
> Using "MUST" there is a requirement for a DRM system (no matter how
> trivial it would be to break that system).
If we're not going to use rootstrings in *some* places, we have to not
use them *everywhere*. A hypothetical consensus proposal around EOT
would have to "MUST" a yay or nay on rootstrings; it can't leave that
up to the browsers without interop nightmares.
Legacy IE versions would obviously violate the spec, but that's okay.
Legacy EOT use is relatively small, and I suspect most of it is
same-origin anyway (that's the whole reason that same-origin is so
easy for authors - almost all of the content they deploy on a normal
basis is same-origin).
~TJ
Received on Friday, 3 July 2009 20:02:02 UTC