Re: CSS3 @font-face / EOT Fonts

On Fri, Nov 7, 2008 at 12:00 PM, Aryeh Gregor <Simetrical@gmail.com> wrote:

> On Fri, Nov 7, 2008 at 12:23 PM, Tab Atkins Jr. <jackalmage@gmail.com>
> wrote:
> > This does nothing more than give us honest developers busy work while
> making
> > the font foundries have warm fuzzy feelings knowing their fonts are
> 'safe',
> > when they are anything but no matter *what* we do (short of
> > cryptographically signing the fonts...).
>
> Cryptographically signing the fonts wouldn't do anything except
> reliably indicate that you claim they belong to you (or otherwise
> endorse their contents somehow, depending on the semantics of the
> signature).  Anyone could still remove the signature at any time, or
> replace it with their own, so it provides no safety.  Nothing will as
> long as users have full control over their machines: you need working,
> effective chains of trust from the hardware level up to have any kind
> of security that a hacker can't break with a little effort.
> Thankfully, we don't seem likely to get that anytime soon.
>

That's what I was referring to, actually - an "honorable computing"
initiative that would require every part of your computer to agree that you
had appropriate rights to run something through it, and strong cryptography
used to enforce this.  My language was ambiguous/insufficient, though, I
admit.

Tangents, though, people.  Focus on the issues!  DRM on fonts!  ^_^

~TJ

Received on Friday, 7 November 2008 18:07:39 UTC