W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: The other party in all this

From: Thomas Phinney <tphinney@cal.berkeley.edu>
Date: Sun, 5 Jul 2009 21:50:16 -0700
Message-ID: <f49ae6ac0907052150j11257fccge691d149e5c11bd2@mail.gmail.com>
To: John Hudson <tiro@tiro.com>
Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, John Daggett <jdaggett@mozilla.com>, www-font@w3.org
On Sun, Jul 5, 2009 at 9:25 PM, John Hudson<tiro@tiro.com> wrote:
> Tab Atkins Jr. wrote:
>
>> For example, you could add in the font name, purchaser's name, and a
>> unique serial number identifying the sale. To prevent tampering, sign
>> all of it with your private key. Anyone can then verify the
>> information with your public key (which you can even put into the font
>> metadata next to all the other data), but they can't change it short
>> of breaking the basis of all modern cryptography (and then you've got
>> a lot more to worry about than people infringing on your copyright).
>
> Some vendors are already adding such information to fonts, automatically at
> point of sale, and digitally signing the fonts. This is currently being done
> in private font tables, but a standard table might also be defined. There
> has also been some talk of methods for watermarking fonts  la images.

Although this is fine as far as it goes, it does NOT "prevent
tampering." Remember, the font is not encrypted, just signed. Somebody
deletes the signature and the custom data, and it's untraceable which
customer the font came from.

That doesn't mean it's not worth doing. It's another post in the
garden fence, is all.

Cheers,

T
Received on Monday, 6 July 2009 04:50:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:02 GMT