[mpeg-OTspec] Re: factual error in the DSIG description in the OT spec.
Hin-Tak Leung
htl10 at users.sourceforge.net
Fri Apr 15 00:01:10 CEST 2016
Dear Vlad,
For the mid-term future, seeing as DSIG is little used, and not useful for web fonts which are seen as increasingly important, it would be nice to explicitly deprecating DSIG tables (that some vintage of MS Windows' rendering behavior depends on its presence is a bit unfortunate - perhaps a paragraph about 'if the font is for this purpose, ....' in the 'recommended practice' section); or for somewhat longer future, to come up with a new format that's compatible with sub-setting and web font usage. I think acertaining the origin/authorship/copyright status of a font is a good thing, we just need to find a new format which can do that, while surviving sub-setting and web font usage.
For the short-term, the Microsoft folks had been somewhat quiet on this matter... it would be nice to confirm the disagreement between the spec and the most widely-used MS implementation (not the 'only' as Adam Twardoch kindly pointed out), and come to an addendum in the spec - either remove the 4th step in the procedure of 5 in the spec slightly to match it, or add a sentence about the most widely used implementation does not quite do what the spec says.
Regards,
Hin-Tak
--------------------------------------------
On Tue, 29/3/16, Levantovsky, Vladimir
<Vladimir.Levantovsky at monotype.com> wrote:
Thank you Hin-Tak for
reporting the issue and for providing additional details.
I think it makes perfect
sense to revisit the concept of the DSIG in general. We
might want to consider few options:
1)
update the spec to match the behavior of the only existing
implementation;
2) review the existing
algorithm to see if it makes sense to revisit it and define
another format - I remember seeing reports of multiple
vulnerabilities;
3) reconsider the whole
approach to signing the fonts.
<snipped>
More information about the mpeg-otspec
mailing list