W3C home > Mailing lists > Public > www-font@w3.org > April to June 2010

RE: What constitutes protection [was: About using CORS]

From: Levantovsky, Vladimir <Vladimir.Levantovsky@MonotypeImaging.com>
Date: Tue, 4 May 2010 17:19:39 -0400
To: Garrick Van Buren <garrick@kernest.com>, "www-font@w3.org" <www-font@w3.org>
Message-ID: <7534F85A589E654EB1E44E5CFDC19E3D020819F1CA@wob-email-01.agfamonotype.org>
FWIW, If we had a chance to go back and protect every other resource from being used with SOR and CORS - it would have made sense to do it. Besides privacy and leakage, there is also bandwidth consideration - why should an author or a website owner ever be in a position when anyone else can link to his resources on his site when he is the one paying for bandwidth? Even if his hosting plan provides unlimited bandwidth, it is still his bandwidth, right? The author seems to be the only one who is entitled to make the decision to allow this linking to happen using CORS. It seems that same-origin restriction by default makes perfect sense for any resource, and while I lament that it wasn't implemented for other resources, I do not see any reason why it should not be in place for fonts and other resources going forward.


> -----Original Message-----
> From: www-font-request@w3.org [mailto:www-font-request@w3.org] On
> Behalf Of Garrick Van Buren
> Sent: Tuesday, May 04, 2010 9:01 AM
> To: www-font@w3.org
> Subject: Re: What constitutes protection [was: About using CORS]
> A quick question.
> It seems to me - these checks (single-origin, and otherwise) are only
> being discussed to 'prevent leakage'.
> Protection from that leakage is only needed because of some fonts
> licenses.
> Sure, I'm new here - but it seems awkward that we're working towards a
> specifying protective checks for all fonts - when not all fonts have a
> license that discourages leakage.
> If we're going to design a ruleset for all fonts based on the
> characteristics of some of them - what's the downside of no 'protection
> against leakage' ?
> -----------------------
> Garrick Van Buren
> 612 325 9110
> garrick@kernest.com
> -----------------------
> Kernest.com
> Free, Subscription, and Web Native fonts.
> -----------------------
> On May 4, 2010, at 1:26 AM, Anne van Kesteren wrote:
> > On Tue, 04 May 2010 15:12:49 +0900, Robert O'Callahan
> <robert@ocallahan.org> wrote:
> >> Yes, there was a big kerfuffle over video. A few reasons why video
> is
> >> probably different from fonts:
> >> a) video is huge, so much more likely to need CDN support or at
> least to be placed on dedicated servers. Fonts are much smaller so it's
> generally going to be easy to serve a font on the same server as the
> rest of the normal page content.
> >
> > I just checked cnn.com and it seems to be using CDN for style sheets.
> If it is using them for style sheets it seems likely it would use them
> for fonts too, as they are typically larger than style sheets.
> >
> >
> >> b) people want to put links to "viral videos" in their blogs. I
> don't see
> >> "viral fonts" as being such a big cultural medium, but even if they
> are,
> >> people can copy them around easily enough.
> >> c) there is a well-established precedent with Flash and Quicktime
> that you can link to videos cross-site. There is not such a well-
> established
> >> precedent for fonts.
> >>
> >>> They might not like it for instance if stripping of some headers by
> an
> >>> intermediary renders the site in some horrible fallback font. It
> seems
> >>> same-origin licensing requirements would also be a problem for
> these sites.
> >>
> >> We shall see what authors say, but if you want to increase
> reliability it's a matter of copying the font to your own server, which
> is probably not a big deal. That protects you from the other site being
> down as well.
> >
> > I was mostly thinking of sites like cnn.com.
> >
> >
> > --
> > Anne van Kesteren
> > http://annevankesteren.nl/
> >
Received on Tuesday, 4 May 2010 21:22:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:34 UTC