- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 05 Nov 2008 09:45:06 -0500
- To: Thomas Phinney <tphinney@adobe.com>
- CC: "www-style@w3.org" <www-style@w3.org>
Thomas Phinney wrote: > As I read it, access control is designed to protect users, not content. Access control is designed to protect a site from having its data fetched by other sites. > Web sites merely need to add one additional word in their HTML/CSS code to avoid access control restrictions for each font used. Is this not correct? Not quite, no. They need to change their server configuration to send the appropriate headers for those files. They _can_ do this if they wish to allow everyone to use them, but of course that may put them in violation of the font's license. But that's their conscious decision, and they could just as easily make that decision by posting TTFs on their website right now. The key here is that using access control allows a site to use a font file for itself without exposing it to deep-linking from other sites by default. > 2) That the web font file NOT work on Mac and Windows OS as a regular system-level font if dropped in the system fonts folder, without any other processing. That doesn't seem like a very useful restriction; it's pretty easy to circumvent in the case of EOT. So people who want to do this will still be able to with EOT... Do you know what the reasoning for wanting this is? -Boris
Received on Wednesday, 5 November 2008 14:46:23 UTC