[mpeg-OTspec] proposing DSIG update, again.
Hin-Tak Leung
htl10 at users.sourceforge.net
Fri Jan 13 06:20:43 CET 2017
Hi Peter,
Apologies for being a pain - may I ask of the schedule/plan and timescale at which fixing mssipotf.dll may happen, or revisiting the idea of changing the spec?
The reason I am asking is that, at some point I'd like to revisit some of the issues with the new re-implementation of the DSIG verification part of FontVal 2.0 :
https://github.com/HinTak/Font-Validator/issues/4
'DSIG remaining issues.'
That being #4 (and therefore one of the earliest still-open issue), will probably be a blocking issue to v2.1, if v2.1 is to happen at all.
Also, since you mentioned fixing mssipotf.dll - which perhaps means that Microsoft will be allocating engineering resource in this area. Since signature verification is closely related to the process of signing, I wonder if your engineer might like to contribute to another devel idea - a cross-platform implementation of the font signing tool:
https://github.com/Microsoft/Font-Validator/issues/44
FontVal -based DSIG signing tool
and/or commission me to work in that direction. We should take this part of discussion off the list if you wish to discuss further.
Hin-Tak
--------------------------------------------
On Mon, 9/1/17, Peter Constable <petercon at microsoft.com> wrote:
Hin-Tak:
It is a deadline, but not
the last deadline for the 4th edition. I would
like to investigate this further before making any spec
changes. It may be an option for us to fix mssipotf.dll,
which might be a better approach than changing
the spec after over a decade.
Peter
From:
mpeg-OTspec at yahoogroups.com
[mailto:mpeg-OTspec at yahoogroups.com]
On Behalf Of Hin-Tak Leung
htl10 at users.sourceforge.net [mpeg-OTspec]
Sent: Monday, January 9, 2017 1:49 PM
Subject: [mpeg-OTspec] proposing DSIG update,
again.
Hi all,
It is another deadline for RFC for OT spec 4th edition
tomorrow. May I propose once again the following change be
made:
Referring to:
http://www.microsoft.com/typography/otspec/dsig.htm
- Remove "4. Zero out the file checksum in the head
table." and
- Renumbering "5. Add the usFlag (reserved, set at 1
for now) to the stream of bytes" to 4.
The reason for change is that, this is how we understand
Microsoft's signing/verification module, the most widely
used implementation, works.
I don't know who at Microsoft is supposed to be in
charge of mssipotf.dll - the font signing/verfication
wintrust module.
Ali seems to have access to the most current binaries, and
Greg seems to be generally involved with font-related matter
at the deep coding level. Could we at least identify
somebody or the team at Microsoft who is "in charge
of" mssipotf.dll (if there is indeed
such a party) to corroborate the suggestion above?
Hin-Tak
More information about the mpeg-otspec
mailing list