W3C home > Mailing lists > Public > public-webfonts-wg@w3.org > October 2010

Re: non-normative best practices & file caching

From: John Hudson <tiro@tiro.com>
Date: Fri, 01 Oct 2010 15:47:16 -0700
Message-ID: <4CA664F4.2020403@tiro.com>
To: Sergey Malkin <sergeym@microsoft.com>
CC: Christopher Slye <cslye@adobe.com>, Håkon Wium Lie <howcome@opera.com>, public-webfonts-wg@w3.org
I suggest the following for the section 1 note text, incorporating 
Sergey's suggestion re. 'made available for use' and Håkon's reference 
to caching:
The WOFF format is intended for use with @font-face to provide 
downloadable fonts linked to specific web pages. It is therefore 
recommended that WOFF files should not be treated as an installable font 
format in desktop operating systems or similar environments. The 
WOFF-packaged data will typically be decoded to its original sfnt format 
for use by existing font-rendering APIs that expect OpenType font data, 
but such a decoded font should not be exposed as a file on disk, and 
while it is acceptable for clients to store decoded files in a cache, 
such files should not be installed or otherwise made available for use 
by other processes or documents on the system.

Sergey wrote:

 > ...this is one of things people did not like about raw
 > fonts lying around on user's disks. With unpacked fonts
 > cached, users will be able to grab naked OpenType font
 > binary, stripped form WOFF metadata or private data.
 > Some encryption/obfuscation may be welcome.

It would certainly be welcome. I wonder if, presuming existing models 
for such encryption or obfuscation already exist for other cached data, 
we might recommend and reference one as part of the WOFF documentation?

Received on Friday, 1 October 2010 22:47:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:04:23 UTC