IETF Logo Mail Archive

Re: [websec] font sniffing

Peter Saint-Andre <stpeter@stpeter.im> Wed, 09 November 2011 17:40 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F06221F8C39 for <websec@ietfa.amsl.com>; Wed, 9 Nov 2011 09:40:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5wWafKGA++ta for <websec@ietfa.amsl.com>; Wed, 9 Nov 2011 09:39:58 -0800 (PST)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id D994C21F8C34 for <websec@ietf.org>; Wed, 9 Nov 2011 09:39:58 -0800 (PST)
Received: from normz.cisco.com (unknown [72.163.0.129]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id E4DB341FC7; Wed, 9 Nov 2011 10:45:54 -0700 (MST)
Message-ID: <4EBABAEC.6000907@stpeter.im>
Date: Wed, 09 Nov 2011 10:39:56 -0700
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: Adam Barth <ietf@adambarth.com>
References: <CAJE5ia82hhiyQHboBg5cWLe_=VdSZ1pFgFi0_TiiwgJKxKesfw@mail.gmail.com> <C68CB012D9182D408CED7B884F441D4D0605EFA3B4@nambxv01a.corp.adobe.com> <4EA4D8B8.7010108@gondrom.org> <op.v3umd8p264w2qv@annevk-macbookpro.local> <4EA52C49.1090308@gondrom.org> <op.v3umz3sv64w2qv@annevk-macbookpro.local> <4EA6143D.8060009@it.aoyama.ac.jp> <op.v3vysenw64w2qv@annevk-macbookpro.local> <4EA65768.60205@it.aoyama.ac.jp> <4EA65A59.6010005@gondrom.org> <4EBAB866.2020209@stpeter.im> <CAJE5ia9sU+g6WZC4wb5MEFCqb=TceaFD2yLMXe3f1e5T=h=VSA@mail.gmail.com>
In-Reply-To: <CAJE5ia9sU+g6WZC4wb5MEFCqb=TceaFD2yLMXe3f1e5T=h=VSA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: websec@ietf.org
Subject: Re: [websec] font sniffing
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 17:40:03 -0000

On 11/9/11 10:30 AM, Adam Barth wrote:
> On Wed, Nov 9, 2011 at 9:29 AM, Peter Saint-Andre<stpeter@stpeter.im>  wrote:
>> On 10/25/11 12:42 AM, Tobias Gondrom wrote:
>>>
>>> On 25/10/11 07:30, "Martin J. Dürst" wrote:
>>>>
>>>> On 2011/10/25 11:34, Anne van Kesteren wrote:
>>>>>
>>>>> On Tue, 25 Oct 2011 10:43:25 +0900, Martin J. Dürst
>>>>> <duerst@it.aoyama.ac.jp>  wrote:
>>>>>>>
>>>>>>> But who is at fault is not what we are interested in here I think. We
>>>>>>> are interested in defining when implementations have to sniff. They
>>>>>>> very
>>>>>>> much have to sniff for fonts.
>>>>>>
>>>>>> Yes. If somebody has enough energy, it would still make sense to
>>>>>> register font types.
>>>>>
>>>>> Because..?
>>>>
>>>> - Font formats, as well as other Mime types, are not only used by Web
>>>> browsers.
>>>> - There may be new formats, for which no sniffing is done yet.
>>>> - Servers may prefer to declare what they are sending out rather than
>>>> to be silent about it, even if not all clients use that information.
>>>> - Once we have registered types, sniffing could in the long term maybe
>>>> even go away.
>>>>
>>>> Regards,   Martin.
>>>
>>> +1 for that.
>>
>> Based on discussion here and at the W3C TPAC last week, I raised this issue
>> on the apps-discuss list:
>>
>> http://www.ietf.org/mail-archive/web/apps-discuss/current/msg03447.html
>>
>> The immediate reaction was: "do you mean fonts or typefaces?"
>>
>> Before taking on this work, it would be helpful to understand exactly what
>> typographic entities are being sent around by browsers and other
>> applications.
>
> Mechanically, resource representations that might get shoved into
> @font-face rules.

Based on Anne's previous message to this list [1], it seems that we're 
actually talking about font representation formats (his examples are 
TrueType Collection, OpenType, TrueType, and Web Open Font Format) 
instead of particular fonts (e.g., "12pt Georgia Bold Italic") or 
typefaces (e.g., "Georgia").

Correct?

/psa

[1] http://www.ietf.org/mail-archive/web/websec/current/msg00235.html

v2.23.0 | Report a Bug | By Email