W3C home > Mailing lists > Public > www-style@w3.org > November 2008

Re: CSS3 @font-face / EOT Fonts - new compromise proposal

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 10 Nov 2008 23:57:59 -0500
Message-ID: <491910D7.4090001@mit.edu>
To: Thomas Phinney <tphinney@adobe.com>
CC: "www-style@w3.org" <www-style@w3.org>

Thomas Phinney wrote:
> 1) Who turns access control on? Is it essentially up to the browser vendors to decide a given class of resource should have access control on by default?

Yes.

> 2) Can remote sites avoid the access control restrictions simply by adding a word or two to the HTML referencing the remote font?

No.

> 3) Why is nobody worried about access control being a DMCA-covered issue? Not just for fonts, but for any resources that use it? Is it because the answer to my question #2 above is "yes"?

Because there is no issue of additional controls on access here.  The 
data is public (modulo cookies, etc).  If you access it via wget (or 
heck, telnet to port 80) you will get it (again, modulo cookies).  Since 
the data is only being exposed to those explicitly authorized to get it 
(everyone, the user with cookies, etc, depending on the site 
configuration) there is no circumvention of anything going on.

At least as far as I can see.

-Boris
Received on Tuesday, 11 November 2008 04:58:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:55:16 GMT