Re: What constitutes protection [was: About using CORS] from Garrick Van Buren on 2010-05-04 (www-font@w3.org from April to June 2010)

From: Garrick Van Buren <garrick@kernest.com>
Date: Tue, 4 May 2010 11:41:59 -0500
To: www-font@w3.org
Message-Id: <5002D879-CF09-4D44-8949-93586B89BC35@kernest.com>

> 
> If you search this archive for security, I believe roc and/or John Daggett
> explained some of them.

Thank you.



>> Yes - and the day I upgraded, it broke a significant portion of my work.
> Not sure I understand what broke: did Firefox support fonts cross-domain 
> before it implemented SOR ?

Yes. Firefox supported cross-domain before it implemented SOR.



>> Now the conversation is around recommending a single technical solution 
>> to accommodate the thousands of different licensing terms? 
> Font licenses are outside the scope of this WG. But technical solutions
> that collide head-on with general licensing restrictions common across
> the vast majority of EULAs are not that interesting. We aim to expand
> choice, not reduce it.

This thread has already discussed a number of existing file formats without a similar 'protection' that frequently contain creative work with restrictive licensing models. There's already a space in the original font format for licensing info, we've talked about the WOFF metadata potentially including additional licensing information. Independent of the security issues you pointed out (that I've yet to fully review) - from a licensing perspective - including this sort of check within the format seems doubly redundant.


>> It is conceivable that a license exists that would be violated because of
>> this recommendation.
> It certainly is. But it is also conceivable that number of licenses - and 
> fonts - that are not violated by this recommendation is far higher.

Sure, and again, as you stated - licensing it outside the scope of this WG.  



>> Lastly, given how easy it is to externally compress I don't find built-
>> in compression advantageous. In some ways, it's more problematic.
> 
> Why is it more problematic ? Are PNG, audio, video and other data format 
> compressions problematic ?

Problematic because some web servers are setup to gzip all assets they serve by default. Today, this creates unreliable results with WOFF - thus requiring additional configurations to reliably serve this specific font format. 


-----------------------
Garrick Van Buren
612 325 9110
garrick@kernest.com
-----------------------
Kernest.com
Free, Subscription, and Web Native fonts.
-----------------------

Received on Tuesday, 4 May 2010 16:42:38 UTC