From: Philippe Verdy (verdy_p@wanadoo.fr)
Date: Tue Dec 02 2003 - 18:32:17 EST
"Language Analysis Systems, Inc." writes
> I'm not sure whether we're witnessing a customer-unfriendly change in
> the business model (hardly the only one the computer industry has
> foisted on us) or merely a transitional period while technologies are
> still being developed. For my part, I'd like to see SVG fill this gap.
>
> The point is that while it shouldn't be Microsoft's job to solve
> everybody's problems, it also shouldn't be the average Joe's problem to
> solve them all himself.
I agree with most of what you say, except that we are not exposing the
problem faced by readers (yes they could buy a license to use thes fonts,
but they will always think it should be for the documents they create
themselves, not for the documents created by others they receive).
So the main problem is for authors: they are not satisfied on relying on
customers to have bought a separate license to read the document they sell:
this limits the business of authors, in a way that did not exist the same
authors chose to publish printed versions of their documents.
So there's an urgent need for authors to get solutions. It's up to font
designers to provide a texhnical solution that allows them to license their
font designs to authors once, and give these authors the freedom to sell or
broadcast the documents they create with them.
That's why I think that font design providers (Adobe, Agfa MonoType, ...)
should agree on a common format to allow authors to distribute freely the
documents they create with these font designs. Then it's up to them to
cooperate with operating system vendors so that these OS will be able to
embed licensed fonts in documents, by managing two font stores in the OS:
one for reusable licensed fonts that can be used and selected to create
documents, one that get used as embeddable fonts (containing a signed copy
of the license) when these documents are exported for publishing: the
embedded fonts in the document then contain a signature of the license used
by authors, and this signature cannot be removed from embedded fonts, nor
detached from the document to create another document, without making the
embedded font undecypherable/unusable.
One way to achieve this is to only allow embedding of embeddable fonts
within unmodifiable documents. This means a "export for publication"
function in word processors, which should be the only way to create first a
unmodifiable and signed document content, in which embedded fonts will be
imported using the unmodifiable document content signature to encrypt the
embedded font which will be attached to the document.
The way these embeddable encrypted fonts are effectively attached to the
signed document needs some other standard, but any composite document model
could be used (including the standard RFC822 MIME multipart format used in
Emails or in the .MHT file format for web archives).
The document will still be modifiable, but this will require dropping the
document content signature as well as the encrypted embedded font. Users
that receive these documents and have a license for the referenced fonts can
then work on it, and sign it agains with their own license. If the
referenced fonts have no local license, it will be impossible to reuse the
embedded tont design, and the user modifying the document will have to use
another font and possibly alter the document style to work on it. But the
same user will still be able to read it with the original design if the
document is not altered.
The difficulty is that each document will need its unalterable signature,
and will need to embed a separate copy of the encrypted embedded font (this
embedded font is not usable across multiple documents from the same author).
The alternative on this could be that the documents could use a signature
exposing the identity certificate of the author, and the OS could allow a
encrypted embedded font to be used on all documents from that author by
deciphering the document content with the key contained in a embedded font
distributed separately.
But this last solution would leave a security hole if a document can be
created that matches the key of a separately embedded font: if it is not
cryptographically strongly difficult to create such a document whose content
would match the font key, the encrypted font could be reused. So the way to
avoid it is to use very strong and quite long font keys. As the document
will still need to reference that font key, the author of that modified or
new document will need to steal an identity of another author to sign his
modified document and expose that signature. This creates a vicious loop.
That's why I think there's no way to embed fonts loaded separately from the
document, and each published document wishing to use a licensed font design
will need to embed that font design completely with their own encrypted
version of that font, even if its the same one as in other documents from
the same author.
So encrypted embedded fonts should better have the force of a author
signature, for the content using that embedded font. The best way to limit
issues is to allow these encrypted embedded fonts to be viewed directly with
a OS tool along with the clear-text details of the author contained in the
signature certificate, in a way that says: "this signed embedded font is a
version of the ABC-DEF font created by Typographer ABC is usable by
documents created by XYZ, who has a valid license for using this font in the
document authored by XYZ; this means that any document referencing this
signed embedded font must be considered to be signed by XYZ and all the
intellectual rights attached to the documents are specified by XYZ; if you
think that the document you receive was not created by XYZ, you can first
check <here> if the document structure and content is valid according to
XYZ's control. If, not, then the distribution of this document to you is
illegal, as it is both a breach in the font license by the real author of
documents using this stolen font, or it may be an identity theft; if you
think this is not the case, then you must first ask to XYZ to provide you
the unencrypted font if he has the right to do so, or you must destroy the
document using it unless you get a valid license for the font design ABC-DEF
created by typographer ABC."
__________________________________________________________________
<< ella for Spam Control >> has removed Spam messages and set aside
Newsletters for me
You can use it too - and it's FREE! http://www.ellaforspam.com
This archive was generated by hypermail 2.1.5 : Tue Dec 02 2003 - 19:25:14 EST