|Microsoft Typography | Developer | Digital signatures|
If you've ever downloaded software from the Web you'll be aware that levels of product quality, stability and respect for intellectual property rights vary widely. It's difficult to ever be entirely sure that a downloaded file will not erase your hard drive or get you into trouble for infringing your employer's anti-piracy policy.
Font files suffer from these problems just like any other kind of software. Font quality can vary widely. With some fonts currently in circulation containing bugs that can, in extreme cases, stop your software from functioning. Moreover, font files are generally less than 60K in size, making it easy to illegally redistribute them via e-mail or Web based software archives. Since the specifications for most font file formats are publicly available, fonts are an easy target for those who want to remove copyright messages or change trademarked font names.
Digital signatures go some way towards addressing these issues. Digital signatures are a way of authenticating the author of a file. If a font contains Monotype's digital signature, a user can be 100% certain that the font was created by Monotype, and hasn't been tampered with. However, digital signatures are not an anti-piracy device. Digital signatures will not prevent people from redistributing copyrighted files. Anyone with the requisite technical ability should be able to remove a signature from a file, and even re-sign it with their own signature. Legislation is being drafted in various territories that will make this practice illegal.
To digitally sign a file, a publisher obtains public and private keys from an independent 'Certificate Authority' (Microsoft does not provide such keys.) The public key is a kind of certificate that identifies a specific publisher. The publisher uses a 'signing tool' to sign each file using their private key. Publishers will only need to obtain one set of keys from a Certificate Authority. These can be used to sign any file they produce, since a signature identifies a publisher not a specific file.
We have released a font signing tool that publishers can use to sign TrueType and OpenType fonts. In addition to actually adding the digital signature to the font file, the tool will perform tests to help publishers ensure their fonts conform to the published font specifications and do not contain serious bugs. The signatures themselves are formed using industry standards (standard hashing algorithms and standard signature formats).
In most circumstances signed files will be treated differently than unsigned files by operating systems and applications. Current versions of Microsoft Internet Explorer, for example, provide a different set of warnings when downloading unsigned files from the Internet than when downloading files that have been signed.
The way in which future Microsoft operating systems will deal with signed and unsigned fonts, is still being decided. However, it is important for publishers to start signing their fonts as soon as possible. It is possible that many corporations will adopt a policy of only allowing signed files on their networks. In the future it will be possible for system administrators to implement company wide policies to prevent employees from installing unsigned software, including unsigned fonts.
One area of concern for users is what happens if a publisher has their certificate revoked. When a publisher applies for a certificate with a certificate authority, they agree to the authority's list of terms and conditions. If the publisher breaks this agreement, they may have their signature revoked and placed on a public list of publishers whose certificates have been revoked. A publisher going out of business is not grounds for it having its certificate revoked. Operating system components that validate digital signatures will include a database of revoked signatures. These databases will likely be updateable via the Internet, Intranets and operating system service packs.
The way in which an operating system or application deals with files that have revoked signatures will vary depending on the file type. With most file types warning messages will be displayed and the user will be asked to decide if they want to risk using the file. The way in which fonts will be treated is still being worked out. One possibility is that fonts with revoked signatures will prompt warning messages with the user given the option to discard the font or keep it.
Signatures will break if a signed font has been tampered with and such fonts would prompt a different set of warnings. The way in which fonts with broken signatures are handled is still being decided.
Many computer industry experts agree that we are moving towards a point where, at some time in the future, all executable programs and files will require a digital signature to function. Microsoft's Typography group will ensure that mechanisms are in place to make the transition as smooth and painless as possible for font users and developers, should it become necessary for all files, including fonts, to be signed
In this article, we have referred to the person who signs a font file as its publisher. However, in font production, many companies and individuals contribute to the final product. For example, in the case of the Palatino Linotype font; Linotype owns the trademark to the name 'Palatino', Herman Zapf was responsible for the original designs, Monotype engineers hinted the font and Microsoft was responsible for testing and project management. Each of these areas could be referred to as an authenticatable attribute and it will be possible for a font to contain a number of different signatures, one for each attribute. It is also possible that in special cases a font vendor may require that to install a font the user must add their personal signature to the font file. These processes are known as co-signing or countersigning.
Although the OpenType font specification allows for countersigning, Windows 2000 does not support the authentication and verification of each individual signature in a font. Our font-signing tool will only let one publisher sign a font.
Another area especially relevant to font embedding and Far East fonts is that of subsetting. It is useful in some applications to create custom fonts that only support some of the characters included in the original font. Removing, altering or adding characters will under normal circumstances break a digital signature. However, Microsoft is working on a technique where by individual characters can be removed with the signature remaining intact.
|Microsoft Typography | Developer | Digital signatures|