W3C home > Mailing lists > Public > www-font@w3.org > April to June 2011

Re: css3-fonts: should not dictate usage policy with respect to origin

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Sat, 18 Jun 2011 10:17:09 -0700
Message-ID: <BANLkTin6b+TbobuTKQE+z6DaVhW5+X7PMA@mail.gmail.com>
To: Glenn Adams <glenn@skynav.com>
Cc: John Hudson <tiro@tiro.com>, W3C Style <www-style@w3.org>, 3668 FONT <public-webfonts-wg@w3.org>, "www-font@w3.org" <www-font@w3.org>
On Fri, Jun 17, 2011 at 6:47 PM, Glenn Adams <glenn@skynav.com> wrote:
> I interpret the prevention of "leakage" as a form of content protection,
> albeit a weak one.

The way you seem to be defining the term (such that it's suggesting
copyright enforcement or similar things), no, it's not at all, not
even weakly.

By "info leakage" I mean the leak of secret information guarded by the
user's credentials, which the web somewhat-unfortunately allows
arbitrary websites to embed.  We've learned over time that embedding
rights eventually translate to reading rights via information leaks.


> In any case, a font file format (WOFF) and a font referencing system
> (@font-face) do not need to have a security story. Describing fonts (the
> format) and referring to them (the referencing system) does not require them
> to be accessed. Access is part of the UA regime, and if there is policy and
> controls on access, it should be defined at the UA layer, not the file
> format or reference layer.

The use of fonts on the web needs these sorts of restrictions.  Do you
have a concrete reason why they shouldn't be specified as they are
(perhaps you're implementing CSS in a non-web context and don't
believe the restrictions are useful in your context), or are you
objecting on theoretical purity concerns?

~TJ
Received on Saturday, 18 June 2011 17:18:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 18 June 2011 17:18:05 GMT