- From: John Hudson <tiro@tiro.com>
- Date: Thu, 30 Jul 2009 17:25:19 -0700
- To: Thomas Lord <lord@emf.net>
- CC: John Daggett <jdaggett@mozilla.com>, www-font <www-font@w3.org>
Thomas Lord wrote:
>> For implementations *only* supporting EOT-Lite, the font is not
>> loaded. No exceptions.
> I think we have a problem there. What you describe
> is a DRM-via-standards mechanism
Really? It seems to me that it is simply chucking something that it
considers an invalid file. A DRM-enabling mechanism is something that
restricts use of a font by a user agent. The font being invalid
according to the format specification doesn't seem to me to be
DRM-enabling. I mean, how is the described behaviour
1. Check that MagicNumber is 0x504C.
2. Check that the version number is either 0x00010000,
0x00020001, or 0x00020002.
3. Check that Flag bits TTEMBED_TTCOMPRESSED and
TTEMBED_XORENCRYPTDATA are not set.
If any of these checks fail, the font is not loaded.
exploitable as a protection?
I guess a font is really well protected if it won't display anywhere.:)
JH
Received on Friday, 31 July 2009 00:26:03 UTC