W3C home > Mailing lists > Public > www-font@w3.org > July to September 2009

Re: Font license vs. conversion between font formats

From: Mikko Rantalainen <mikko.rantalainen@peda.net>
Date: Thu, 09 Jul 2009 13:00:43 +0300
Message-ID: <4A55BFCB.2090201@peda.net>
To: www-font <www-font@w3.org>
Erik van Blokland wrote:
> On 9 jul 2009, at 11:00, Mikko Rantalainen wrote:
>> I'm trying to argue that if plain TTF/OTF is not acceptable format
>> because it does not offer protection, then any other freely usable
>> format is not acceptable either.
> As several posters on this list already pointed out that this is not a
> discussion of absolutes. There is no absolute security in any scheme.
> That doesn't mean there is no reason for things like certificates,
> https, public-key, whatever (as general examples, please don't interpret
> this as a case for any of those specifically for fonts),

There's one major difference: certificates, https (SSL) and public key
encryption are *real* security features. Obfuscation or
not-yet-widely-supported format are not security features. The
difference comes from the fact that *real* security features have
secrets (keys) and not knowing those keys prevents one from getting the
data that the security system protects. Because font data MUST be
accessible by anyone, it cannot have any security.

You're right that there's no absolute security (any key can be guessed).
There is, however, a HUGE difference between between guessing zero bit
key (a font format) and say 256 bit key (typical SSL setup).


Received on Thursday, 9 July 2009 10:01:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:32 UTC