- From: John Hudson <tiro@tiro.com>
- Date: Sun, 02 Aug 2009 19:40:09 -0700
- CC: www-font <www-font@w3.org>
Robert O'Callahan wrote: > It is clear, however, that if you only have the ability to upload files > to a Web server, but you can't configure it to the level of examining > Referer headers, then you won't be able to use Referer checking while > you could still use rootstrings, however painful they might be in your > workflow. It is also well-known that many firewalls strip Referer > headers so users behind those firewalls will never see fonts controlled > by Referer checking. That is why I think rootstrings would more > attractive to authors than Referer checking. Aha. So the concern is not font vendors requiring rootstrings per se, but authors preferring rootstrings as a method to meet more generally phrased EULA requirements. Interesting. I think font makers have understood pretty well now that rootstrings are anathema to most browser makers, and that no web font format is going to fly that requires browsers to enforce rootstrings. This was understood by most of my colleagues prior to the TypeCon panel session, and was certainly made plain there. Given that many font developers are not following this discussion directly, most are probably focused on .webfont and understand that the URL info in that format specifically does not obligate browsers to take any action. I don't think they will expect differently from EOTL if the immediate focus shifts to that format. Indeed, because the proposed EOTL version string makes the presence of rootstrings invalud, I think it will be a non-issue for the font makers. That said, I expect a great many web fonts commercially licensed from font makers to contain URL data, either at the wrapper level in something like .webfont, or in the font data itself in either a private or to-be-standardised table regardless of the web font format. Browsers won't be required to do anything with this information, of course, and in the case of a font table won't even be aware that the data is there (unrecognised font tables are ignorable). This information may be required in the EULA, though, and provides a means to check whether a font is being hotlinked from an unauthorised URL. JH
Received on Monday, 3 August 2009 02:40:50 UTC