- From: Glenn Adams <glenn@skynav.com>
- Date: Thu, 30 Jun 2011 15:14:41 -0600
- To: Sylvain Galineau <sylvaing@microsoft.com>
- Cc: John Daggett <jdaggett@mozilla.com>, John Hudson <tiro@tiro.com>, Vladimir Levantovsky <Vladimir.Levantovsky@monotypeimaging.com>, "liam@w3.org" <liam@w3.org>, StyleBeyondthePunchedCard <www-style@w3.org>, "public-webfonts-wg@w3.org" <public-webfonts-wg@w3.org>, "www-font@w3.org" <www-font@w3.org>, "Martin J." <duerst@it.aoyama.ac.jp>
- Message-ID: <BANLkTik4YkuFFeh+uPu7e_Ecvu6qKezwbA@mail.gmail.com>
sorry, but i don't buy it; the only reasonable explanation i've seen in this entire discussion is that font IPR owners want to place exclusionary rules on their licensees (nothing wrong with that), and they wish to enforce it via a EULA that mandates SOR on access to their IPR; this is nothing but content/IPR protection and has nothing to do with information leakage or privacy On Thu, Jun 30, 2011 at 2:56 PM, Sylvain Galineau <sylvaing@microsoft.com>wrote: > Exploitable information leakage is a security and privacy concern. > Licensing and content protection are not the concern. **** > > ** ** > > *From:* Glenn Adams [mailto:glenn@skynav.com] > *Sent:* Thursday, June 30, 2011 1:46 PM > > *To:* John Daggett > *Cc:* John Hudson; Vladimir Levantovsky; liam@w3.org; > StyleBeyondthePunchedCard; public-webfonts-wg@w3.org; www-font@w3.org; > Martin J.; Sylvain Galineau > *Subject:* Re: css3-fonts: should not dictate usage policy with respect to > origin**** > > ** ** > > Or to rephrase, this has nothing to do with security at all, only with the > enforcement of business terms.**** > > On Thu, Jun 30, 2011 at 2:42 PM, Glenn Adams <glenn@skynav.com> wrote:**** > > So, as I've previously said, this is only about content protection > mechanisms and their enforcement. There is no security risk on the part of > the end user (viewer of content rendered with web fonts) that is at stake > here.**** > > ** ** > > On Thu, Jun 30, 2011 at 2:09 PM, John Daggett <jdaggett@mozilla.com> > wrote:**** > > Glenn Adams wrote: > > > So, there is no end-user risk that is being addressed here other than > > the hypothetical case of violating an EULA? Is that really what all > > this noise is about?**** > > No Glenn, this is an information leakage issue, it allows for the > contents of a font, the glyph data, to be transmitted beyond the > boundaries specified by an *author* (for example, on an access-limited > site), not just beyond what is allowed by some form of licensing.**** > > > > Could you send me or point me at a EULA for which SOR on fonts is > > relevant?**** > > Ascender (Microsoft distributes their fonts via Ascender) > > From their Web Fonts EULA: > http://www.fontslive.com/info/web-fonts-eula.aspx > > > 11. “Web Site” as used herein shall be the web site identified by you > > in your account at ascenderfonts.com; (i) which utilizes the Ascender > > hosted Web Font Software in its web pages through the use of the > > Services, (ii) which does not in any way enable the permanent > > installation of the Web Font Software by End-Users on any workstation, > > computer and other electronic device, and (iii) which reasonably > > restricts access to Web Font Software from use in any way by web pages > > or any document not originating from your Web Site (For example; by > > using referrer checking to prevent hotlinking or deeplinking). > > FontFont > > From their Web Fonts EULA: > http://www.fontshop.com/licenses/fontfont/ > > > 2.3. Font Software File Protection. You must ensure, by applying > > reasonable state-of-the-art measures, that other websites cannot > > access the Font Software for display (e. g. by preventing hotlinking > > and blocking direct access to the Font Software via .htaccess or other > > web server configurations).**** > > ** ** > > ** ** >
Received on Thursday, 30 June 2011 21:15:36 UTC