- From: John Hudson <tiro@tiro.com>
- Date: Fri, 07 May 2010 11:18:12 -0700
- To: www-font@w3.org
Matt Colyer wrote:

> Ahh, now I understand what you want to do. What I think you want is
> cryptographic file signing (like the DSIG table, which didn't ever really
> take off).

http://www.microsoft.com/typography/otspec/dsig.htm

Some foundries sign their fonts, and I suspect more will be inclined to when delivering WOFF files, because of the likelihood that the font data will include serialisation and customer-specific licensing, which foundries will want to protect on the other side of the digital signature. [The digital signature doesn't prevent tampering with such data, but it indicates whether someone has touched the data subsequent to it being signed by the foundry.] This is why I confirmed earlier in discussions[1] that WOFF preserves the dsig.

So the question now, perhaps, is whether the WOFF file itself should be signable, in addition to the signature within the font data, to provide some measure of protection to the WOFF metadata?

> However this would require a lot of effort to create a web of trust for
> foundry certificates. Assuming all of this did work, what should happen
> if a file wasn't properly signed? What should happen if it was signed
> but not by a trusted entity?

There are two different aspects of digital signatures. The primary function of the digital signatures and certification has been to protect recipients of a resource by identifying the publisher, which requires trust of the certification process by the recipient, may involve IT restrictions of certificates, etc. And in this respect the answers to your questions regarding improper signatures or untrusted entities are the same for WOFF files as they are for any other signable resource.

The secondary aspect of digital signatures is as I suggested above: they indicate the state of a resource when shipped from the provider, and hence reveal whether data has been subsequently modified. Such modification may be legitimate within the terms of a given license, or it may represent an infringement.

John Hudson

[1] http://lists.w3.org/Archives/Public/www-font/2009JulSep/1360.html
Received on Friday, 7 May 2010 18:18:51 UTC
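
The gap the message raises (a DSIG table travels inside the font data, while the WOFF metadata block sits outside it) can be seen by walking a WOFF container, as in this added example, which is not part of the original message. It assumes the header and table-directory layout of the WOFF 1.0 specification; the function names and the sample file are constructed for illustration.

```python
import struct

# Big-endian layouts taken from the WOFF 1.0 specification (assumed here).
HEADER = struct.Struct(">4sIIHHIHHIIIII")   # 44-byte WOFF header
ENTRY = struct.Struct(">4sIIII")            # tag, offset, compLength, origLength, origChecksum


def signature_coverage(data: bytes) -> dict:
    """Report whether a DSIG table is present and whether the WOFF
    metadata block sits outside every font table (so DSIG cannot cover it)."""
    if len(data) < HEADER.size:
        raise ValueError("truncated WOFF header")
    (magic, _flavor, length, num_tables, _rsv, _sfnt, _maj, _min,
     meta_off, meta_len, _meta_orig, _priv_off, _priv_len) = HEADER.unpack_from(data)
    if magic != b"wOFF" or length != len(data):
        raise ValueError("not a well-formed WOFF file")
    dir_end = HEADER.size + num_tables * ENTRY.size
    if dir_end > len(data):
        raise ValueError("truncated table directory")
    spans = {}
    for i in range(num_tables):
        tag, off, comp_len, _orig, _sum = ENTRY.unpack_from(data, HEADER.size + i * ENTRY.size)
        if off < dir_end or off + comp_len > len(data):
            raise ValueError(f"table {tag!r} out of bounds")
        spans[tag] = (off, off + comp_len)
    has_meta = meta_len > 0
    if has_meta and (meta_off < dir_end or meta_off + meta_len > len(data)):
        raise ValueError("metadata block out of bounds")
    overlaps = any(meta_off < end and start < meta_off + meta_len
                   for start, end in spans.values())
    return {"has_dsig": b"DSIG" in spans,
            "has_metadata": has_meta,
            "metadata_outside_tables": has_meta and not overlaps}


def build_sample(with_dsig: bool = True, metadata: bytes = b"<metadata/>") -> bytes:
    """Constructed sample: placeholder table bodies, not a usable font."""
    tags = [b"DSIG", b"name"] if with_dsig else [b"name"]
    body_at = HEADER.size + len(tags) * ENTRY.size
    directory, bodies = b"", b""
    for tag in tags:
        directory += ENTRY.pack(tag, body_at + len(bodies), 4, 4, 0)
        bodies += b"\x00" * 4
    meta_off = body_at + len(bodies) if metadata else 0
    total = body_at + len(bodies) + len(metadata)
    header = HEADER.pack(b"wOFF", 0x00010000, total, len(tags), 0, 0, 1, 0,
                         meta_off, len(metadata), len(metadata), 0, 0)
    return header + directory + bodies + metadata
```

A result with `has_dsig` and `metadata_outside_tables` both true describes the situation in the message: the font data carries a signature, and the metadata block can change without touching any byte that signature was computed over.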