W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: FW: EOT-Lite File Format

From: John Hudson <tiro@tiro.com>
Date: Sun, 02 Aug 2009 19:40:09 -0700
Message-ID: <4A764E09.9000206@tiro.com>
CC: www-font <www-font@w3.org>
Robert O'Callahan wrote:

> It is clear, however, that if you only have the ability to upload files 
> to a Web server, but you can't configure it to the level of examining 
> Referer headers, then you won't be able to use Referer checking while 
> you could still use rootstrings, however painful they might be in your 
> workflow. It is also well-known that many firewalls strip Referer 
> headers so users behind those firewalls will never see fonts controlled 
> by Referer checking. That is why I think rootstrings would more 
> attractive to authors than Referer checking.

Aha. So the concern is not font vendors requiring rootstrings per se, 
but authors preferring rootstrings as a method to meet more generally 
phrased EULA requirements. Interesting.

I think font makers have understood pretty well now that rootstrings are 
anathema to most browser makers, and that no web font format is going to 
  fly that requires browsers to enforce rootstrings. This was understood 
by most of my colleagues prior to the TypeCon panel session, and was 
certainly made plain there. Given that many font developers are not 
following this discussion directly, most are probably focused on 
.webfont and understand that the URL info in that format specifically 
does not obligate browsers to take any action. I don't think they will 
expect differently from EOTL if the immediate focus shifts to that 
format. Indeed, because the proposed EOTL version string makes the 
presence of rootstrings invalud, I think it will be a non-issue for the 
font makers.


That said, I expect a great many web fonts commercially licensed from 
font makers to contain URL data, either at the wrapper level in 
something like .webfont, or in the font data itself in either a private 
or to-be-standardised table regardless of the web font format. Browsers 
won't be required to do anything with this information, of course, and 
in the case of a font table won't even be aware that the data is there 
(unrecognised font tables are ignorable). This information may be 
required in the EULA, though, and provides a means to check whether a 
font is being hotlinked from an unauthorised URL.

JH
Received on Monday, 3 August 2009 02:40:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:03 GMT