- From: <lee@sq.com>
- Date: Sat, 10 Aug 96 16:23:11 EDT
- To: acb@cs.monash.edu.au, gtn@ebt.com
- Cc: www-font@w3.org
acb@cs.monash.edu.au (Andrew C. Bulhak) wrote: [...] > One way around this may be to adapt a technique from the computer virus > "industry"; namely polymorphic code. Have the program which generates > font applets (each with a limited scope) perform transformations on the > code to perturb it. The trouble is that once someone has spent four months slaving away to produce FontBreaker, anyone can use it easily. I only know one mechnism that works at all well: random encodings. Unfortunately, this renders the text unintelligible for readers without the font, so won't do for us. It would work for printing, though. The idea is that you re-encode the font so that position 65 (say), instead of containing an A, might have an `e'. Now, this is a simple cypher, but the point is that the obvious way to reverse it and restore the original encoding involves going into a font editor and actually looking at each glyph & deciding what it is. I.e. hand work, and too much trouble for most people to go to. Of course, once it's done, someone could post the `corrected' font. And if you can deduce the algorithm for randomising the encoding vector, you can immanentise the escutcheon, so to speak. Some TeX PS drivers used to do this, and so did SoftQuad's troff HPLJ driver, because the font was built up on the fly, so the characters were added to a font-built-on-the-fly in the order in which they were seen in the output. It really makes life hard for people who want to do text searching in Acrobat :-) So possibly if outline fonts were `lightly encrypted' between server and browser, e.g. with 40-bit public key or modified DES, and stored thus in the browser's cache, and even more lightly obfuscated on their way to the printer, and not actually installed into the system during use, but entirely internal to the browser, there would be many fewer difficulties. The `light encryption' between browser and server might involve the IP address of the server, for example, so that merely taking a copy of a font and putting it up on your server would give you an object that wouldn't `decrypt' to anything useful. I think it's important to remember (and most people on this list are very, very well aware of this) that Adobe is advertising PDF heavily (or was a few months ago) on the strength of its font embedding to preserve corporate identities. I'd rather see outline fonts used on the web than a move to PDF and away from HTML (and still further away from SGML). Lee
Received on Saturday, 10 August 1996 16:23:54 UTC