W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: The other party in all this

From: Christopher Fynn <cfynn@gmx.net>
Date: Mon, 06 Jul 2009 12:02:37 +0600
Message-ID: <4A51937D.8070007@gmx.net>
To: www-font@w3.org
CC: Thomas Phinney <tphinney@cal.berkeley.edu>, John Hudson <tiro@tiro.com>, "Tab Atkins Jr." <jackalmage@gmail.com>, John Daggett <jdaggett@mozilla.com>
Unless you resort to something like a proprietary font format requiring 
a special browser plug-in to run and proprietary tools to generate 
nothing is going to provide a significant obstacle (more than a 
"garden-fence") to tampering or extracting font data.

If some web-font format becomes widespread or mandatory you can sure it 
won't be long before someone creates a web-font to ttf/otf converter. 
Someone else might then re-convert them back to web-fonts and so-on. 
Trouble is such re-generated fonts may then be different enough from the 
fonts they ultimately derive from, that they become harder to discover 
and prove they are copies - or who copied what from whom.

- Chris

Thomas Phinney wrote:
> On Sun, Jul 5, 2009 at 9:25 PM, John Hudson<tiro@tiro.com> wrote:
>> Tab Atkins Jr. wrote:
>>
>>> For example, you could add in the font name, purchaser's name, and a
>>> unique serial number identifying the sale.  To prevent tampering, sign
>>> all of it with your private key.  Anyone can then verify the
>>> information with your public key (which you can even put into the font
>>> metadata next to all the other data), but they can't change it short
>>> of breaking the basis of all modern cryptography (and then you've got
>>> a lot more to worry about than people infringing on your copyright).
>> Some vendors are already adding such information to fonts, automatically at
>> point of sale, and digitally signing the fonts. This is currently being done
>> in private font tables, but a standard table might also be defined. There
>> has also been some talk of methods for watermarking fonts  la images.
> 
> Although this is fine as far as it goes, it does NOT "prevent
> tampering." Remember, the font is not encrypted, just signed. Somebody
> deletes the signature and the custom data, and it's untraceable which
> customer the font came from.
> 
> That doesn't mean it's not worth doing. It's another post in the
> garden fence, is all.
> 
> Cheers,
> 
> T 
Received on Monday, 6 July 2009 06:03:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:02 GMT