W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: EOT & DMCA concerns

From: Thomas Lord <lord@emf.net>
Date: Tue, 04 Aug 2009 10:38:23 -0700
To: "Tab Atkins Jr." <jackalmage@gmail.com>
Cc: Thomas Phinney <tphinney@cal.berkeley.edu>, John Hudson <tiro@tiro.com>, www-font@w3.org
Message-Id: <1249407503.6196.60.camel@dell-desktop.example.com>
On Tue, 2009-08-04 at 12:23 -0500, Tab Atkins Jr. wrote:

> Indeed, that's a potential problem if anyone were suggesting that
> browser vendors should parse EOT files and ignore the rootstrings.
> 
> I questioned the relevance of this because no one has suggested that.

Which leaves the EOTL proposal in the uncomfortable 
situation of insisting that rootstrings be enforced - 
if not by honoring them then by rejecting any and all
files that contain one.

Poor HÃ¥kon would be getting angry bug reports from
people who use set ups that generate EOTC and who have
heard that Opera has *some* kind of EOT support - so
why do their fonts work in IE but not Opera?  And he'll
be legally encumbered from changing Opera so as to 
satisfy the filers of those bugs.

Poor Dagget might eventually find that Firefox has
had an EOTL bug for a year or two that results in
the accidental rendering of some EOTC fonts.  Worse,
perhaps resulting in some number of sites "in the wild"
that rely on this bug.

There is a legal minefield surrounding strict
EOTL unless there is broad agreement that the
intention is for people to be free to implement
EOTC while ignoring the "protection" features.

> In specific, the EOTL proposals do not suggest that.  

No, they suggest that UAs not implementing EOTC
MUST reject EOTC files.


> The EOTL1.1
> format is based on an EOT version without rootstrings.  Even in the
> hypothetical EOTLwrip format, a conformant application can distinguish
> between EOTLwrip and plain EOT with rootstrings, and can correctly
> enforce the rootstrings in the latter (or drop the file on the floor,
> if they don't want to support rootstrings).
> 
> The EOTLwrip format explicitly does not have rootstrings.  It has
> several padding areas filled with explicitly meaningless bits.  There
> is nothing at any point in the specification that is intended or
> implied to act as a protection measure, no matter how meager.  An EOT
> file with rootstrings cannot be confused for an EOTLwrap file in a
> conformant application.
> 
> The EOTL1.1 format explicitly does not have rootstrings.  It has
> several padding areas filled with explicitly meaningless bits.  An EOT
> file with rootstrings is formatted incorrectly for an EOTL1.1 file,
> and will be rejected by a conformant application (at least, rejected
> by the EOTL-parsing codepath).


It's interesting that if a second browser 
happened to use exactly the same algorithms
as IE to implement EOTL compatibility, they
would be in patent trouble.   And if a patch
were made that disabled rootstring enforcement
in that algorithm, they'd be in DMCA territory.

EOTL is surrounded by a legal minefield.
And strict EOTL won't handle a single font
that is found in the wild or the font output 
by any but one very recently written program.
Which is an odd place to wind up when discussion
of EOT variants was taken up to achieve downward
compatibility.

-t


> ~TJ
Received on Tuesday, 4 August 2009 17:39:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 11 June 2011 00:14:03 GMT