RE: [ft-devel] Digital signatures

[Turner, David]

Salut Antoine,

> Useless about security, probably.
Yes

> Worse, the MS tool that signs does not check many things (and 
> certainly not possible exploit, since none are known ;-)), and anyway you 
> can set it up to allow signing using /another/ checking tool...
> 
> Which are the reasons why you, George, me, and the majority 
> of the writers in the OpenType thread, believe this is related to anything 
> except computer security.
> 
Definitely.
> 
> >From the Adobe page about this (http://minilien.com/?J9TnbFnOrb), the two
> objectives are "Secure identification" (of the provider, i.e. 
> DRM) and "no tampering"; and this page then goes to great length to 
> explain that "Digital signatures do not guarantee that that the font is a 
> good font."
>
Thanks for the pointer. This page is hilarious because it shows the pain
that font signing really is. Small jewels like:

 "Don't try to work with Verisign customer support. As of the writing
  of this document, they know nothing about signing fonts, and will
  give you a lot of advice that does not help. The people who can
  help you are busy with really big accounts."

Aaaaaah :-)

> OTOH, the "threat" about requiring all fonts to be signed in a future
> version of Windows is clearly written (remember this page targets font
> developpers, who should buy the certificates, then manage 
> them.) Even if I believe they never will in fact enforce the threat (as you 
> can read in the thread).
> 
Yes, and enforcing that threat is, for Adobe, akin to saying:

  "We decided to completely leave the graphics design market. 
   Our competitors will happily sell you non-DRM-encumbered 
   products that will not reject the thousands of fonts you've
   legally acquired at high prices through your business life.

   Our business plan is now to skim as much money from the poor
   losers that are still stuck on our platforms, then start
   selling something else ... maybe cookies ?."

or for Microsoft:

  "We completely gave up competing with Apple on the graphics
   design and print market. Also, we forgot what the PC revolution
   was all about."

There is no chance in hell this is going to happen, because DRM can
only work when you have complete lock-in. Otherwise,they're still be 
an alternative, be it an OS, a competitor or the "DarkNet".

Since I work in Digital TV tech, I assure you that these lock-ins
do exist, but that's only because they apply to things that people
do not consider their own.

Things are different with personal and enterprise computers. Regarding
music, power players want cartels and laws to enforce the lock-in. So
far, they failed but who knows what will happen in the next 10 years ?

The only plausible scenario for DSIG I can think of is the head of an IT
department deciding to only allow signed binaries/documents/fonts/wathever
on its Windows network. I'm also convinced that the "experiment" will
not last more than 24 hours :-)

> 
> All we can add at this point, is that *Free*Type probably will /never/
> require fonts to be 'signed', in any future release ;-).
> David, is it a good point to add this to the website?
> 
The only statement we can make is that digital signature verification
must be performed on top of the font engine (we're not going to depend
on a cryptographic library, don't we). 

And you could use FreeType to do that as long as your users don't have
a way to directly access the font files. This is in no way our problem.

Our license allows any lunatic to use the font engine after all :-)

Regards,

- David Turner
- The FreeType Project  (www.freetype.org)