- From: Martin J Duerst <mduerst@ifi.unizh.ch>
- Date: Tue, 27 Aug 1996 17:54:48 +0200 (MET DST)
- To: gdr@cataneo.bitstream.com (Gary Ruben)
- Cc: evb@knoware.nl, www-font@w3.org
Gary Ruben wrote: >Security does not need to rely on secrets. A public key/private key >encryption system uses published algorithms and has withstood the >scrutiny of dozens, if not hundreds, of experts in cryptography. >Everyone generally believes that the mechanism is as secure as we can >possibly hope for - only governments have the resources required to >break it. Security does not need to rely on secrecy for encription passwords. Thus you can encode and send an encripted credit card number to a company and you are sure that nobody else will get this credit card number given that the company keeps the docoding key and the number itself secret. But if you send your credit card number to a phony company, they will do with it whatever they want, and tell it to everybody, even if you sent it to them so that only they were able to decode it. The same applies to fonts, only that for fonts, you have to send them to whoever wants to view a page, not just to companies accepted by credit card issuers, and that you don't have such a quick and efficient feedback loop as with credit cards that lets you detect problems within a month. Also, it's easy to issue a new credit card number, but it's not possible to issue a new font. So encription is of much less help for protecting fonts than for protecting credit card numbers and other things. Regards, Martin.
Received on Tuesday, 27 August 1996 11:55:50 UTC