- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Sat, 18 Jun 2011 10:17:09 -0700
- To: Glenn Adams <glenn@skynav.com>
- Cc: John Hudson <tiro@tiro.com>, W3C Style <www-style@w3.org>, 3668 FONT <public-webfonts-wg@w3.org>, "www-font@w3.org" <www-font@w3.org>
On Fri, Jun 17, 2011 at 6:47 PM, Glenn Adams <glenn@skynav.com> wrote: > I interpret the prevention of "leakage" as a form of content protection, > albeit a weak one. The way you seem to be defining the term (such that it's suggesting copyright enforcement or similar things), no, it's not at all, not even weakly. By "info leakage" I mean the leak of secret information guarded by the user's credentials, which the web somewhat-unfortunately allows arbitrary websites to embed. We've learned over time that embedding rights eventually translate to reading rights via information leaks. > In any case, a font file format (WOFF) and a font referencing system > (@font-face) do not need to have a security story. Describing fonts (the > format) and referring to them (the referencing system) does not require them > to be accessed. Access is part of the UA regime, and if there is policy and > controls on access, it should be defined at the UA layer, not the file > format or reference layer. The use of fonts on the web needs these sorts of restrictions. Do you have a concrete reason why they shouldn't be specified as they are (perhaps you're implementing CSS in a non-web context and don't believe the restrictions are useful in your context), or are you objecting on theoretical purity concerns? ~TJ
Received on Saturday, 18 June 2011 17:17:57 UTC