W3C home > Mailing lists > Public > www-style@w3.org > June 2011

Re: css3-fonts: should not dictate usage policy with respect to origin

From: Glenn Adams <glenn@skynav.com>
Date: Thu, 30 Jun 2011 14:42:16 -0600
Message-ID: <BANLkTin_y-KvD12uRtCa24uyspDqQo8Mkw@mail.gmail.com>
To: John Daggett <jdaggett@mozilla.com>
Cc: John Hudson <tiro@tiro.com>, Vladimir Levantovsky <Vladimir.Levantovsky@monotypeimaging.com>, liam@w3.org, StyleBeyondthePunchedCard <www-style@w3.org>, public-webfonts-wg@w3.org, www-font@w3.org, "Martin J." <duerst@it.aoyama.ac.jp>, Sylvain Galineau <sylvaing@microsoft.com>
So, as I've previously said, this is only about content protection
mechanisms and their enforcement. There is no security risk on the part of
the end user (viewer of content rendered with web fonts) that is at stake

On Thu, Jun 30, 2011 at 2:09 PM, John Daggett <jdaggett@mozilla.com> wrote:

> Glenn Adams wrote:
> > So, there is no end-user risk that is being addressed here other than
> > the hypothetical case of violating an EULA? Is that really what all
> > this noise is about?
> No Glenn, this is an information leakage issue, it allows for the
> contents of a font, the glyph data, to be transmitted beyond the
> boundaries specified by an *author* (for example, on an access-limited
> site), not just beyond what is allowed by some form of licensing.
> > Could you send me or point me at a EULA for which SOR on fonts is
> > relevant?
> Ascender (Microsoft distributes their fonts via Ascender)
> From their Web Fonts EULA:
> http://www.fontslive.com/info/web-fonts-eula.aspx
> > 11. “Web Site” as used herein shall be the web site identified by you
> > in your account at ascenderfonts.com; (i) which utilizes the Ascender
> > hosted Web Font Software in its web pages through the use of the
> > Services, (ii) which does not in any way enable the permanent
> > installation of the Web Font Software by End-Users on any workstation,
> > computer and other electronic device, and (iii) which reasonably
> > restricts access to Web Font Software from use in any way by web pages
> > or any document not originating from your Web Site (For example; by
> > using referrer checking to prevent hotlinking or deeplinking).
> FontFont
> From their Web Fonts EULA:
> http://www.fontshop.com/licenses/fontfont/
> > 2.3. Font Software File Protection. You must ensure, by applying
> > reasonable state-of-the-art measures, that other websites cannot
> > access the Font Software for display (e. g. by preventing hotlinking
> > and blocking direct access to the Font Software via .htaccess or other
> > web server configurations).
Received on Thursday, 30 June 2011 20:43:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:50:02 UTC