- From: Tab Atkins Jr. <jackalmage@gmail.com>
- Date: Fri, 24 Jul 2009 17:37:50 -0500
- To: Dave Crossland <dave@lab6.com>
- Cc: www-font <www-font@w3.org>
On Fri, Jul 24, 2009 at 5:31 PM, Dave Crossland<dave@lab6.com> wrote: > 2009/7/24 Sylvain Galineau <sylvaing@microsoft.com>: >> Vladimir wrote: >>> >>> I believe there is a simple work-around to resolve this problem. Root string >>> in EOT-Lite does not have to be empty, it may contain the domain name of the >>> origin that will simply be ignored by all other browsers except IE. When >>> EOT-Lite is processed by Firefox and other browsers – the root string is >>> ignored and same origin restriction is applied. For legacy IE browsers – the >>> root string will serve the same purpose of same origin restriction and, >>> therefore, no need to require Referrer checking. >> >> Technically that’d work but it also defeats one of the main purposes of the >> original proposal which was to get us all out of the rootstring management >> nightmare. > > Right - if root strings are a MAY requirement of the spec, that would > bring back the looming threat of a court using DMCA-style laws to > force browsers to perform DRM. There's no reason for them to be a MAY. In fact, the spec should rightly say that rootstrings, if present, MUST NOT be honored. We're talking about legacy clients who won't conform to any new spec here - they can do whatever they want in this case, and we can spec the desired behavior for new clients. ~TJ
Received on Friday, 24 July 2009 22:38:45 UTC