W3C home > Mailing lists > Public > www-style@w3.org > November 2008

Re: CSS3 @font-face / EOT Fonts

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 05 Nov 2008 09:45:06 -0500
Message-ID: <4911B172.9090807@mit.edu>
To: Thomas Phinney <tphinney@adobe.com>
CC: "www-style@w3.org" <www-style@w3.org>

Thomas Phinney wrote:
> As I read it, access control is designed to protect users, not content.

Access control is designed to protect a site from having its data 
fetched by other sites.

> Web sites merely need to add one additional word in their HTML/CSS code to avoid access control restrictions for each font used. Is this not correct?

Not quite, no.  They need to change their server configuration to send 
the appropriate headers for those files.  They _can_ do this if they 
wish to allow everyone to use them, but of course that may put them in 
violation of the font's license.  But that's their conscious decision, 
and they could just as easily make that decision by posting TTFs on 
their website right now.  The key here is that using access control 
allows a site to use a font file for itself without exposing it to 
deep-linking from other sites by default.

> 2) That the web font file NOT work on Mac and Windows OS as a regular system-level font if dropped in the system fonts folder, without any other processing.

That doesn't seem like a very useful restriction; it's pretty easy to 
circumvent in the case of EOT.  So people who want to do this will still 
be able to with EOT...  Do you know what the reasoning for wanting this is?

-Boris
Received on Wednesday, 5 November 2008 14:46:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:55:16 GMT