W3C home > Mailing lists > Public > www-style@w3.org > June 2009

Re: New work on fonts at W3C

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 23 Jun 2009 17:26:25 +0200
To: "Brad Kemper" <brad.kemper@gmail.com>
Cc: "Mikko Rantalainen" <mikko.rantalainen@peda.net>, Fran├žois REMY <fremycompany_pub@yahoo.fr>, "Robert O'Callahan" <robert@ocallahan.org>, "CSS 3 W3C Group" <www-style@w3.org>
Message-ID: <op.uvzg6bbk64w2qv@annevk-t60>
On Tue, 23 Jun 2009 16:16:17 +0200, Brad Kemper <brad.kemper@gmail.com> wrote:
> On Jun 23, 2009, at 2:30 AM, Anne van Kesteren wrote:
>> Imposing restrictions is something the WG considered to be out of scope  
>> very early on for reasons I and others already explained.
>
> The only reasons I've heard have either been absurd, or left requests  
> for clarification unanswered.
>
> It seems absurd to me that if a Web site owner indicated that certain  
> images were not to be used in cross-site linking, that there would be  
> massive breakage of the Web, [...]

That is not the only concern, though even if you disagree a feature that has negative impact when incorrectly used on clients that support it is certainly considered to be problematic by implementors. The other concern is that a simple proxy server can circumvent the limitation in most cases (when credentials are not involved).


> [...] presumably because so much of the Web  
> depends on copyright violation, and violation is more important than  
> protection.

This has nothing to do with it.


> [...] I don't see that there is really that much violation going  
> on though. Either resources are copied outright, or the images are not  
> intended to be restricted, or the only people that would be effected by  
> the restrictions are thieves that would be just as foiled (at least  
> temporarily) by the image owner removing the image or moving it to a  
> different directory. That hardly sounds to me like something that would  
> cause massive breakage.

No, end users would be affected.


> Besides images, a restrictive header could also be used to prevent  
> illegal iframing of pages, such as what currently aids phishing attacks  
> and click-jacking.

CORS is not a solution for this. (Also, solutions for this particular problem are floating around, but there's no agreement yet on what exactly it should be.)


> Blocking ALL cross-site linking to a particular file type and then  
> turning it off on a case-by-case basis (such as Firefox 3.5 will) is a  
> much blunter hammer than just letting the site owners determine what  
> they do and do not want restricted and then honoring that decision.

Yeah, as I said I do not really think what Gecko does here is the way to go.


>> The WHATWG has nothing to do with CORS. The W3C WebApps WG is working  
>> on it. If people want to continue debating CORS I suggest they  
>> subscribe to public-webapps@w3.org and make coherent proposals there.
>
> I don't care that much about all Web apps, but this one seems to have  
> particular relevance to the issue here. If the draft of a standard on  
> resource sharing is going to allow headers that say what sites can  
> share, but refuse to use those to restrict access from other sites, then  
> we (site owner/authors/font-licensees and foundries) are forced to look  
> for some other way. We end up spinning our wheels trying to make CSS or  
> the font itself restrict access, instead of handling it in the place  
> that would be most natural.

I do not see why fonts ought to get special treatment and cannot be treated just like images, videos, etc.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Tuesday, 23 June 2009 15:27:11 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 17:20:18 GMT