- From: John Hudson <tiro@tiro.com>
- Date: Sun, 05 Jul 2009 22:37:13 -0700
- To: Thomas Phinney <tphinney@cal.berkeley.edu>
- CC: "Tab Atkins Jr." <jackalmage@gmail.com>, John Daggett <jdaggett@mozilla.com>, www-font@w3.org
Thomas Phinney wrote: > Although this is fine as far as it goes, it does NOT "prevent > tampering." Remember, the font is not encrypted, just signed. Somebody > deletes the signature and the custom data, and it's untraceable which > customer the font came from. Independent of the web font format per se, I wonder what options might exist to strengthen this aspect of OT in future. The dsig mechanism was designed, as David Berlow memorably put it, to protect the user from the font not the font from the user, i.e. it was intended as a means of assuring e.g. network administrators of the origin and untampered-with status of a font file. There seems to me room for a different signing model that would be less easy to bypass. John Hudson
Received on Monday, 6 July 2009 05:37:55 UTC