W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: FW: EOT-Lite File Format

From: Robert O'Callahan <robert@ocallahan.org>
Date: Mon, 3 Aug 2009 10:22:11 +1200
Message-ID: <11e306600908021522w5daadcds7718f15b31a4c40c@mail.gmail.com>
To: Sylvain Galineau <sylvaing@microsoft.com>
Cc: John Hudson <tiro@tiro.com>, www-font <www-font@w3.org>
On Mon, Aug 3, 2009 at 7:46 AM, Sylvain Galineau <sylvaing@microsoft.com>wrote:

> I do respect Roc's extremely well-informed opinion but we - at least I- may
> wish to do more due diligence. It was not so long ago that arguments were
> leveled
> against EOT's rootstring feature on two grounds: first, that they are
> painful to manage in practice and unlikely to be used when other methods,
> while not as reliable, already exist that are used to protect other
> resource
> types from hot-linking and other abuse. Second, that a user agent which
> ignores such rootstrings might be circumventing access control measures
> under the DMCA. As a non-lawyer who has no way of judging the validity of
> the latter concern when - it has only been asserted by other non-lawyers so
> far -
> I remain confused by the apparent 180, from : rootstrings are unusable in
> practice,
> and ignoring them might be illegal. To: roostrings are better than the
> alternatives,
> it is perfectly OK to ignore them.
>

I'm not a Web developer so I also would appreciate more feedback on these
issues.

It is clear, however, that if you only have the ability to upload files to a
Web server, but you can't configure it to the level of examining Referer
headers, then you won't be able to use Referer checking while you could
still use rootstrings, however painful they might be in your workflow. It is
also well-known that many firewalls strip Referer headers so users behind
those firewalls will never see fonts controlled by Referer checking. That is
why I think rootstrings would more attractive to authors than Referer
checking.

I don't know of any other technique to provide the sort of access control
that Ascender's license is asking for, for users with IE<=8.

I'm no lawyer but, while the legal issues need to be checked out, I hope
that they'd turn out not to be a problem.

I think "rootstrings are unusable in practice" is an exaggeration of my
position. "Rootstrings are bad, the alternatives that work for IE<=8 are
worse" is a better statement of my position :-).

Rob
-- 
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]
Received on Sunday, 2 August 2009 22:22:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:03 GMT