- From: Jonathan Kew <jonathan@jfkew.plus.com>
- Date: Fri, 7 May 2010 17:22:40 +0100
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- Cc: "Levantovsky, Vladimir" <Vladimir.Levantovsky@monotypeimaging.com>, Matt Colyer <matt@typekit.com>, Erik van Blokland <erik@letterror.com>, "www-font@w3.org" <www-font@w3.org>
On 7 May 2010, at 17:08, Tab Atkins Jr. wrote: > On Fri, May 7, 2010 at 6:59 AM, Levantovsky, Vladimir > <Vladimir.Levantovsky@monotypeimaging.com> wrote: >> Sorry for a delayed response. The reason I proposed to consider adding >> checksum is because the WOFF file contains extended and private metadata >> fields that are currently can be easily discarded – one can simply cut them, >> zero-out related offset/length values in the WOFF header and modify the WOFF >> length. I realize that adding checksum isn’t going to be a strong protection >> against willful modifications, the same could be done with the checksum >> present, but it would require a bit of an effort (to write the code to >> recalculate the checksum). > > I believe that, by the time people are reaching into the file to cut > out tables and modify several values, recalculating a checksum is > trivial. The operations and abilities required to do so are basically > the same. I'd agree with this; it would just be an additional piece of busy-work for every WOFF-creating tool (and for every WOFF-using UA, if validation is a requirement), without adding any significant value. Jonathan
Received on Friday, 7 May 2010 16:23:28 UTC