- From: Florian Rivoal <florianr@opera.com>
- Date: Wed, 22 Jun 2011 13:06:18 +0900
- To: "John Daggett" <jdaggett@mozilla.com>
- Cc: "Jonathan Kew" <jonathan@jfkew.plus.com>, "Tab Atkins Jr." <jackalmage@gmail.com>, "John Hudson" <tiro@tiro.com>, "W3C Style" <www-style@w3.org>, "3668 FONT" <public-webfonts-wg@w3.org>, www-font@w3.org, "Glenn Adams" <glenn@skynav.com>, Martin J. Dürst <duerst@it.aoyama.ac.jp>
On Wed, 22 Jun 2011 12:28:22 +0900, John Daggett <jdaggett@mozilla.com> wrote: > The advantage of same origin restriction is that it serves the needs > of the majority of users without any extra work. Using From-Origin > requires that the majority of users, either because they want to > prevent bandwidth leeching or they need to comply with the licensing > terms for the fonts they use, to diddle with server settings. > > I think this boils down to simple practicality vs. purity of essence. > The proposals aren't really that far apart. I agree the proposals are not that far apart if you only consider fonts, but there is a little more in favor of From-Origin than purity of essence. It is a more generic mechanism. The licensing issue is not unique to fonts. What is unique to fonts is how common this type of license is, but other kinds of resources can have similar licenses, albeit less often. If we only fix it for fonts, blocking by default and allowing to opt out is sane. But if we have a generic mechanism that applies to any kinds of resources, allow access and allow opt-in restriction is a better default. Also, the information leak problem is definitely not unique to fonts, and I would find it a shame to pass on a good opportunity to introduce a generic mechanism that can solve it for everybody. - Florian
Received on Wednesday, 22 June 2011 04:07:18 UTC