[mpeg-OTspec] proposing DSIG update, again.

Hin-Tak Leung htl10 at users.sourceforge.net
Fri Jan 13 06:20:43 CET 2017 

Hi  Peter,

Apologies for being a pain - may I ask of the schedule/plan and timescale at which fixing mssipotf.dll may happen, or revisiting the idea of changing the spec?

The reason I am asking is that, at some point I'd like to revisit some of the issues with the new re-implementation of the DSIG verification part of FontVal 2.0 :

https://github.com/HinTak/Font-Validator/issues/4
'DSIG remaining issues.'

That being #4 (and therefore one of the earliest still-open issue), will probably be a blocking issue to v2.1, if v2.1 is to happen at all.

Also, since you mentioned fixing mssipotf.dll - which perhaps means that Microsoft will be allocating engineering resource in this area. Since signature verification is closely related to the process of signing, I wonder if your engineer might like to contribute to another devel idea - a cross-platform implementation of the font signing tool:

https://github.com/Microsoft/Font-Validator/issues/44
FontVal -based DSIG signing tool

and/or commission me to work in that direction. We should take this part of discussion off the list if you wish to discuss further.

Hin-Tak

--------------------------------------------
On Mon, 9/1/17, Peter Constable <petercon at microsoft.com> wrote:

 Hin-Tak: 
    
 It is a deadline, but not
 the last deadline for the 4th edition. I would
 like to investigate this further before making any spec
 changes. It may be an option for us to fix mssipotf.dll,
 which might be a better approach than changing
  the spec after over a decade. 
    
    
 Peter 
    
 From:
 mpeg-OTspec at yahoogroups.com
 [mailto:mpeg-OTspec at yahoogroups.com]
 On Behalf Of Hin-Tak Leung
 htl10 at users.sourceforge.net [mpeg-OTspec]
 
 Sent: Monday, January 9, 2017 1:49 PM
 
 Subject: [mpeg-OTspec] proposing DSIG update,
 again. 
 
 Hi all,
  
 It is another deadline for RFC for OT spec 4th edition
 tomorrow. May I propose once again the following change be
 made:
  
 Referring to:
 
 http://www.microsoft.com/typography/otspec/dsig.htm
 
 - Remove "4. Zero out the file checksum in the head
 table." and 
 
 - Renumbering "5. Add the usFlag (reserved, set at 1
 for now) to the stream of bytes" to 4.
 
 The reason for change is that, this is how we understand
 Microsoft's signing/verification module, the most widely
 used implementation, works.
  
 I don't know who at Microsoft is supposed to be in
 charge of mssipotf.dll - the font signing/verfication
 wintrust module.
 
 Ali seems to have access to the most current binaries, and
 Greg seems to be generally involved with font-related matter
 at the deep coding level. Could we at least identify
 somebody or the team at Microsoft who is "in charge
 of" mssipotf.dll (if there is indeed
  such a party) to corroborate the suggestion above?
  
 Hin-Tak

More information about the mpeg-otspec mailing list