Re: WebFonts ready for use from Brad Kemper on 2008-04-29 (www-style@w3.org from April 2008)

From: Brad Kemper <brkemper@comcast.net>
Date: Mon, 28 Apr 2008 21:10:04 -0700
To: Maciej Stachowiak <mjs@apple.com>
Cc: Paul Nelson <paulnel@winse.microsoft.com> (ATC), Håkon Wium Lie <howcome@opera.com>, "www-style@w3.org" <www-style@w3.org>
Message-Id: <9148DCF7-6841-4ACF-AA19-F4E86B2786AA@comcast.net>

On Apr 28, 2008, at 7:17 PM, Maciej Stachowiak wrote:

> We do not attempt to optimize for the case of bitwise identical font  
> files loaded from different URLs - I am not sure this would be worth  
> it.

The reason I make a case for it is that

a) font files tend to be larger than other types of linked files, so  
minimizing the number of times the identical font has to be  
transmitted is important,

b) some site have multiple sub-domains that prefer to load all their  
linked files locally, and

c) if web fonts usage becomes pervasive, then some downloadable fonts  
are going to be popular choices, especially if there is a high  
likelihood that the user already has them loaded in RAM, where they  
can be used without being reloaded, and especially if they have  
liberal licensing rights.

> I do not think either form of sharing is precluded by the spec, or  
> security or IP considerations. These are simply transparent  
> performance optimizations.

True. But a spec could provide a common way for a font to expose a  
quick loading fingerprint that verifies it is the same font as the one  
you already have loaded in RAM.

> What is not OK (in my opinion) is exposing the font to Web pages  
> that don't have an @font-face rule for it in their stylesheet, or  
> installing it on the system where random documents and applications  
> can see it. That would be a security risk and would not even  
> conceptually be embedding.

I wouldn't suggest installing it on the system for other applications,  
as that would allow them to be used for editing, instead of just  
displaying their alphabetic designs within the page's letters.  
However, I still fail to see the security risk of NOT loading a font  
that is identical to one that is already loaded, assuming such a thing  
could be verified with a reasonably high level of confidence.

Perhaps that would require a @font-face in both documents, but they  
wouldn't have to point to the same location if they had the same  
fingerprints (and the default style sheet could refer to the  
fingerprints of the locally installed system fonts).

Received on Tuesday, 29 April 2008 04:10:50 UTC