RE: The unmentionable from Sylvain Galineau on 2009-07-29 (www-font@w3.org from July to September 2009)

From: Sylvain Galineau <sylvaing@microsoft.com>
Date: Wed, 29 Jul 2009 02:36:04 +0000
To: John Hudson <tiro@tiro.com>, "www-font@w3.org" <www-font@w3.org>
Message-ID: <045A765940533D4CA4933A4A7E32597E021125A5@TK5EX14MBXC120.redmond.corp.microsoft.>

>From: www-font-request@w3.org [mailto:www-font-request@w3.org] On Behalf
>Of John Hudson


>We do need to be clear that the minimal protections at the format level
>being discussed are not viable protections of font IP against any kind
>of deliberate misuse. I know Tal and Erik have been very clear in
>communicating this to our type design colleagues, and I think everyone
>understands that we're not getting anything that would even approach
>enabling a DRM business model for font licensing.
>
>We also need to be clear that insofar as honest users do not want to
>break license agreements and, in the case of corporate users, have much
>to risk if they do break license agreements, the minimal protections
>against casual misuse protect the user as much or more than they protect
>the font data.
>
>
>What the non-IE browser makers have indicated that they do not want is
>technical protections of a kind that would require them to enforce
>anything and potentially expose them to DMCA lawsuits. Such protections
>are not on the table.
>
>An attempt to interpret the clearly stated position of the browser
>makers to imply that *any* kind of protection at all is anathema and
>'will not fly', is unsupportable. The browser makers have already
>indicated what kinds of protections they would be willing to accept in a
>web font format. There is no fantasy 'architectural board' that dictates
>what will and will not be permitted on abstract principles. There are
>parties with stakes in the game who need to negotiate consensual
>solutions. Which is what we are gradually doing.

I echo John's sentiment. One additional comment: same-origin policy with
CORS override has already shipped for webfonts with Firefox 3.5.
As of yet I see no reason to argue with the decision or the implementation
choice. Neither do the font vendors I have talked to as it gives them
by default what used to require extra steps with EOT rootstrings, all done
in a standards way. I am positive we have enough work to do here without
looking for extra 'hair-splitting', let alone 'court proceedings' !

So while there is most definitely value in ensuring we all understand what
level of 'protection' this or that proposal entails, I am happy to let
others debate the philosophical suitability of CORS after the ship has
actually sailed.

Received on Wednesday, 29 July 2009 02:36:52 UTC