W3C home > Mailing lists > Public > www-font@w3.org > April to June 2010

Re: WebFonts WG discussions

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Fri, 7 May 2010 09:08:07 -0700
Message-ID: <r2wdd0fbad1005070908ne41620adr16d788eae0b6dc9b@mail.gmail.com>
To: "Levantovsky, Vladimir" <Vladimir.Levantovsky@monotypeimaging.com>
Cc: Matt Colyer <matt@typekit.com>, Erik van Blokland <erik@letterror.com>, "www-font@w3.org" <www-font@w3.org>
On Fri, May 7, 2010 at 6:59 AM, Levantovsky, Vladimir
<Vladimir.Levantovsky@monotypeimaging.com> wrote:
> Sorry for a delayed response. The reason I proposed to consider adding
> checksum is because the WOFF file contains extended and private metadata
> fields that are currently can be easily discarded – one can simply cut them,
> zero-out related offset/length values in the WOFF header and modify the WOFF
> length. I realize that adding checksum isn’t going to be a strong protection
> against willful modifications, the same could be done with the checksum
> present, but it would require a bit of an effort (to write the code to
> recalculate the checksum).

I believe that, by the time people are reaching into the file to cut
out tables and modify several values, recalculating a checksum is
trivial.  The operations and abilities required to do so are basically
the same.

Received on Friday, 7 May 2010 16:09:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:34 UTC