[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [ft-devel] Digital signatures
From: |
Antoine Leca |
Subject: |
Re: [ft-devel] Digital signatures |
Date: |
Fri, 26 Aug 2005 10:48:27 +0200 |
Salut David,
Tu peux dormir ? ;-)
On Thursday, August 25th, 2005 15:18Z Turner, David wrote:
>
> My opinion is that the DSIG table is the brain-child of DRM-obsessed
> managers at Microsoft Typography (or above), who don't understand much
> things regarding security.
They only understand that "security" is a buzzword (and it was even _before_
the 2001 'revolution' codenamed 'code-red'), and that's all that matters
about DRM and the like (FUD) :-).
> If digital signatures are not mandatory _and_ used with non-reversible
> encryption, they're simply useless.
Useless about security, probably.
Worse, the MS tool that signs does not check many things (and certainly not
possible exploit, since none are known ;-)), and anyway you can set it up to
allow signing using /another/ checking tool...
Which are the reasons why you, George, me, and the majority of the writers
in the OpenType thread, believe this is related to anything except computer
security.
>From the Adobe page about this (http://minilien.com/?J9TnbFnOrb), the two
objectives are "Secure identification" (of the provider, i.e. DRM) and "no
tampering"; and this page then goes to great length to explain that "Digital
signatures do not guarantee that that the font is a good font."
OTOH, the "threat" about requiring all fonts to be signed in a future
version of Windows is clearly written (remember this page targets font
developpers, who should buy the certificates, then manage them.) Even if I
believe they never will in fact enforce the threat (as you can read in the
thread).
All we can add at this point, is that *Free*Type probably will /never/
require fonts to be 'signed', in any future release ;-).
David, is it a good point to add this to the website?
Antoine