- From: Robert O'Callahan <robert@ocallahan.org>
- Date: Mon, 3 Aug 2009 10:22:11 +1200
- To: Sylvain Galineau <sylvaing@microsoft.com>
- Cc: John Hudson <tiro@tiro.com>, www-font <www-font@w3.org>
- Message-ID: <11e306600908021522w5daadcds7718f15b31a4c40c@mail.gmail.com>
On Mon, Aug 3, 2009 at 7:46 AM, Sylvain Galineau <sylvaing@microsoft.com>wrote: > I do respect Roc's extremely well-informed opinion but we - at least I- may > wish to do more due diligence. It was not so long ago that arguments were > leveled > against EOT's rootstring feature on two grounds: first, that they are > painful to manage in practice and unlikely to be used when other methods, > while not as reliable, already exist that are used to protect other > resource > types from hot-linking and other abuse. Second, that a user agent which > ignores such rootstrings might be circumventing access control measures > under the DMCA. As a non-lawyer who has no way of judging the validity of > the latter concern when - it has only been asserted by other non-lawyers so > far - > I remain confused by the apparent 180, from : rootstrings are unusable in > practice, > and ignoring them might be illegal. To: roostrings are better than the > alternatives, > it is perfectly OK to ignore them. > I'm not a Web developer so I also would appreciate more feedback on these issues. It is clear, however, that if you only have the ability to upload files to a Web server, but you can't configure it to the level of examining Referer headers, then you won't be able to use Referer checking while you could still use rootstrings, however painful they might be in your workflow. It is also well-known that many firewalls strip Referer headers so users behind those firewalls will never see fonts controlled by Referer checking. That is why I think rootstrings would more attractive to authors than Referer checking. I don't know of any other technique to provide the sort of access control that Ascender's license is asking for, for users with IE<=8. I'm no lawyer but, while the legal issues need to be checked out, I hope that they'd turn out not to be a problem. I think "rootstrings are unusable in practice" is an exaggeration of my position. "Rootstrings are bad, the alternatives that work for IE<=8 are worse" is a better statement of my position :-). Rob -- "He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]
Received on Sunday, 2 August 2009 22:22:52 UTC