Re: DSIG and other issues

On Wed, May 21, 2014 at 2:27 PM, Levantovsky, Vladimir
<Vladimir.Levantovsky@monotype.com> wrote:
> Thank you David for raising many good points.
> I think that resigning the font by a browser should be possible, and this is where an additional bit set in the 'head' table (flags, bit 11) to indicate that the font was subjected to a content-aware transform would be helpful. So far, I have not heard about any legal implications of doing this - I don't say there are none, but I am not aware of any. There is an ongoing discussion about DSIG on the OTspec list, where various proposals (including the one to deprecate the DSIG) were brought up and are being discussed. The major concern that many folks expressed is that the DSIG failed to deliver any sensible protection (there are no apps or rendering solutions that would check the DSIG integrity before using a font in question), and many folks argue that the presence of DSIG is actually detrimental because it may create a false sense of security protection that isn't really there.
>
> I suggest that we as a group should make every possible effort to collect more info about DSIG and possible implications of removing one from a font, and have it discussed in one of the upcoming telcons.

That sounds good.  I really like Behdad's proposal of having the WOFF
2.0 conversion tools remove all of the signatures from the DSIG table
(and thus allowing the empty table through).
>
> Sergey, is there any chance you may be able to shed more light on the specifics of DSIG processing in Win APIs, what APIs are affected (DirectWrite, etc.)?

Thank you in advance Sergey!  Thank you Vlad!

Received on Wednesday, 21 May 2014 21:36:36 UTC