- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 10 Nov 2008 23:57:59 -0500
- To: Thomas Phinney <tphinney@adobe.com>
- CC: "www-style@w3.org" <www-style@w3.org>
Thomas Phinney wrote: > 1) Who turns access control on? Is it essentially up to the browser vendors to decide a given class of resource should have access control on by default? Yes. > 2) Can remote sites avoid the access control restrictions simply by adding a word or two to the HTML referencing the remote font? No. > 3) Why is nobody worried about access control being a DMCA-covered issue? Not just for fonts, but for any resources that use it? Is it because the answer to my question #2 above is "yes"? Because there is no issue of additional controls on access here. The data is public (modulo cookies, etc). If you access it via wget (or heck, telnet to port 80) you will get it (again, modulo cookies). Since the data is only being exposed to those explicitly authorized to get it (everyone, the user with cookies, etc, depending on the site configuration) there is no circumvention of anything going on. At least as far as I can see. -Boris
Received on Tuesday, 11 November 2008 04:58:49 UTC