Re: Q: How can you tell when a web font technology gone mainstream? from Ned Holbrook on 2019-01-14 (public-webfonts-wg@w3.org from January 2019)

From: Ned Holbrook <ned@apple.com>
Date: Mon, 14 Jan 2019 14:22:25 -0800
To: Jonathan Kew <jfkthame@gmail.com>
Cc: public-webfonts-wg@w3.org
Message-id: <FA91DED1-2034-40C2-8D63-A63AE2E46D34@apple.com>

Indeed. DSIG is only a clue to provenance, not intent.

> On Jan 14, 2019, at 5:33 AM, Jonathan Kew <jfkthame@gmail.com> wrote:
> 
> Suppose we required webfonts to have valid DSIG signatures, or something like that. What difference would it make here? None, afaict; the bad guy could just sign the font and proceed in exactly the same way. A signature does nothing to guarantee that the font resource isn't going to mislead the reader.

Received on Monday, 14 January 2019 22:23:39 UTC