- From: Håkon Wium Lie <howcome@opera.com>
- Date: Sun, 19 Jun 2011 12:39:33 +0200
- To: Glenn Adams <glenn@skynav.com>
- Cc: "Tab Atkins Jr." <jackalmage@gmail.com>, John Hudson <tiro@tiro.com>, W3C Style <www-style@w3.org>, 3668 FONT <public-webfonts-wg@w3.org>, "www-font@w3.org" <www-font@w3.org>
Glenn Adams wrote: > Second, I am not saying "they shouldn't be specified". I'm saying they > (same-origin mandate) should not be specified in WOFF or CSS3-FONTS. These > are not the correct place to mandate or enforce such restrictions. I agree that a separate module would be better; the policy and technology rarely mix well in the same specifiction (which is why we ultimately dropped '!legal' in CSS, now that I think of it). A separate module has been proposed before: http://lists.w3.org/Archives/Public/public-webfonts-wg/2011Jan/0037.html Tab Atkins Jr. wrote: > Same-origin restrictions have nothing to do with content protection, > as you can trivially just download the font yourself (assuming it's > publically accessible) and host it on your own server. I agree that SOR is not a crucial part of the "protection" that WOFF provides. Therefore, I don't see why creating a separate module should be controversial. I can see that bandwidth leaching is an issue. However, I don't think we will see sites leeching off others at a big scale. Leeching is simply too fragile. Cheers, -h&kon Håkon Wium Lie CTO °þe®ª howcome@opera.com http://people.opera.com/howcome
Received on Sunday, 19 June 2011 10:40:17 UTC