- From: Mikko Rantalainen <mikko.rantalainen@peda.net>
- Date: Thu, 09 Jul 2009 13:00:43 +0300
- To: www-font <www-font@w3.org>
- Message-ID: <4A55BFCB.2090201@peda.net>
Erik van Blokland wrote: > On 9 jul 2009, at 11:00, Mikko Rantalainen wrote: > >> I'm trying to argue that if plain TTF/OTF is not acceptable format >> because it does not offer protection, then any other freely usable >> format is not acceptable either. > > As several posters on this list already pointed out that this is not a > discussion of absolutes. There is no absolute security in any scheme. > That doesn't mean there is no reason for things like certificates, > https, public-key, whatever (as general examples, please don't interpret > this as a case for any of those specifically for fonts), There's one major difference: certificates, https (SSL) and public key encryption are *real* security features. Obfuscation or not-yet-widely-supported format are not security features. The difference comes from the fact that *real* security features have secrets (keys) and not knowing those keys prevents one from getting the data that the security system protects. Because font data MUST be accessible by anyone, it cannot have any security. You're right that there's no absolute security (any key can be guessed). There is, however, a HUGE difference between between guessing zero bit key (a font format) and say 256 bit key (typical SSL setup). -- Mikko
Received on Thursday, 9 July 2009 10:01:25 UTC