W3C home > Mailing lists > Public > www-style@w3.org > November 2008

Re: CSS3 @font-face / EOT Fonts

From: Mikko Rantalainen <mikko.rantalainen@peda.net>
Date: Thu, 13 Nov 2008 14:51:39 +0200
Message-ID: <491C22DB.4030002@peda.net>
To: www-style@w3.org
Brad Kemper wrote:
> You must be joining the conversation late. The goal at this point  
> seems to be to make stealing the font a more deliberate action, not  
> something that could happen accidentally or casually.

Do you require the browser to prevent usage of a stealed font or is it
enough that it's possible to prove that the font is not licensed?

I ask this, because for the first the browser must be able to decide if
the font is correctly licensed for a given usage (a *very* hard task
given the current licensing options for commercial fonts) and a good
solution does not exist.

If the only target is to make it possible to check if, and for who, a
font is licensed, all you need is a digital signature. That can be added
to font files by commercial font vendors. The signature information
could include licensee name and contact information and the whole stuff
is then signed with font vendor's private key. The signature can be
later verified against vendor's public key by any user (or user agent).
The font vendor can even publicly declare that it does not license fonts
without signatures and that any font file that claims to be made by said
vendor and does not contain vendor's signature is a pirate font. UAs
could then respect that claim if they so choose (most UAs probably would).

However, the machinery needed to *prevent copying* of the font file,
removing the signature, forging the font vendor information and
resigning the font file for another signature cannot be prevented (did I
already say that DRM system do not work?).

-- 
Mikko


Received on Thursday, 13 November 2008 12:52:20 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 27 April 2009 13:55:17 GMT