Re: EOT-Lite clarification

On Tue, Jul 28, 2009 at 9:57 AM, Sylvain Galineau <>wrote:

> > I do not see why one would even have to check that rootstring is null.
> > Would it be easier just ignore it no matter what (if anything) is in
> > there? And, if this is what the spec say browser should do (i.e. ignore
> > rootstring), I don't see anything wrong with it, it just makes
> > implementer's life easier.
> I'd think anyone who licenses EOT-Classic fonts (as opposed to EOT-Lite)
> expects the rootstring to be enforced. Even if Monotype doesn't care it
> would be quick check, combined with a file extension, indicating that
> you're dealing with a valid EOT-Lite file and can go straight to the font
> data. No MTX compression or any other legacy feature in your way.

IMHO EOT-Lite would be more attractive specified as "clients should ignore
rootstrings, but apply a same-origin check + CORS" than with "clients must
reject a non-null rootstring, but apply a same-origin check + CORS" ...
because it enables the deployment scenario where access is controlled with a
rootstring for IE<=8 and same-origin + CORS for other browsers. I believe
that is the best deployment scenario that is compatible with IE<=8.

If the ignore-rootstrings version of EOT-Lite is untenable due to concerns
over EOT-Classic fonts, then we need to hear that now.

"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah

Received on Tuesday, 28 July 2009 00:18:11 UTC