Re: EOT-Lite File Format

On Thu, 2009-07-30 at 16:31 -0700, John Daggett wrote:
> Thomas Lord wrote:
> 
> > > EOT-Lite header validation:
> > 
> > > 1. Check that MagicNumber is 0x504C.
> > > 2. Check that the version number is either 0x00010000, 0x00020001, or 0x00020002.
> > > 2. Check that Flag bits TTEMBED_TTCOMPRESSED and TTEMBED_XORENCRYPTDATA are not set.
> > >
> > > If any of these checks fail, the font is not loaded.  The font is
> > > activated by loading the data at offset (EOTSize - FontDataSize) of
> > > length (FontDataSize) as a normal OpenType font.
> 
> > [Regarding your second item #2 as #3, as presumably
> > intended.]
> 
> Argh, yes.
> 
> > When you say "the font is not loaded" do
> > you mean MUST, MAY, or SHOULD?
> 
> For implementations *only* supporting EOT-Lite, the font is not
> loaded.  No exceptions. 


I think we have a problem there.  What you describe
is a DRM-via-standards mechanism - the very problem
that EOT-lite supposedly cures.   This is probably
a minor problem rather than one that needs to cause
a split (is my take on the tone and content of the
discussion).



>  May the Lord strike you down if you do (pun
> intended). 

The other one people like to use are puns based
on the famous actor Jack Lord of the old TV show
Hawaii 5-0.  Also, Google tells me that Thomas
Lord is a famous porn store, apparently of somewhat
infamous physiological proportions in some regards --
no affiliation.  I suspect that the surname was 
adopted somewhere in the 19th or 20th centuries as,
indeed, a kind of joke but I'm not sure - I just
inherited it.  The lifelong experience that is kind
of amusing is the frequency of occurrences of people
taking down my name and clearly reacting as if "Oh,
that's got to be a fake name."  Go figure.


> > If EOT-lite becomes the recommendation, is the
> > previously discussed patent de-encumberence of MTX
> > included in the deal?

> No, as currently defined EOT-Lite does not include MTX compression.

That's something that will come up as things move
forward.  I think that's a problem.  Can we hear
from Monotype on that?  Maybe they wouldn't mind
if MTX patents became safe to implement if EOT-lite
is adopted.  Otherwise, we wind up with an arguably
discriminatory Recommendation.


> > Similarly, all three checks should be stated affirmatively rather
> > than negatively.  If the magic number and version numbers check out
> > and if the flag bits of interest are 0 then the browser MUST render
> > the font.  That is importantly different from "MUST NOT" in the case
> > where those checks don't pass.

> Whether the font is loaded will naturally be based on
> implementation-specific validity checks.  It's not possible to list
> all possible validity checks, this will change as threats occur.
> Conversely, things like bad head table checksums are probably not part
> of these validity checks since no font tool seems to view these as
> a validity problem.

Positive assertions ("MUST render when ....") are better
than negative ("MUST NOT render when ....").

-t

Received on Friday, 31 July 2009 00:10:22 UTC