W3C

– DRAFT –
Web Fonts Working Group Teleconference

20 May 2025

Attendees

Present
ChrisL, Garret, scott, skef, Vlad
Regrets
-
Chair
-
Scribe
Garret

Meeting minutes

review open issue #276

<Vlad> scribenick Garret

Garret: makes sense, I initially left this a little vague.

Chris: you can use css fonts 4 which now includes the use of fetch as a reference.

<ChrisL> See https://drafts.csswg.org/css-fonts-4/#font-fetching-requirements for an example

Garret: sounds good, I'll look at that and can draft some changes.

issue #275 defining what happens when url fails to parse.

Garret: I believe this is already addressed, but I'll double check and update the issue/spec as needed.

Chris: need to stop trying to extend the font in some failure cases.

Garret: yes, I believe we have language for this, but I'll double check.

issue #272 leaking exact content of an element.

<Vlad> related to review comment: w3ctag/design-reviews#1057 (comment)

Chris: talked to author of the exploit and didn'tsee IFT as an issue.

Skef: have some questions about dynamic patch generation. If you have a server that can accept a dynamic patch how do you know it came from a valid patch map.

Garret: one way to solve this is to have the dynamic urls encrypted to make sure the hoster is the only one who can craft valid urls

Skef: I think we should have security guidance that the dynamic mappings should be deterministic.

Skef: is dynamic patching an exception?

Garret: yes, static patching is intended to be the main use case. The open source encoder will likely only do static.

Garret: agreed, we should add some text to the security section about the dynamic graphs being deterministic.

Garret: one additional change from that issue is we should make non invalidating patch fetch ordering deterministic (use patch map entry order).

Garret: will close issue 272 and open new issue for fetch ordering.

issue 267

Garret: have a plan for this one, just haven't had time to get to it yet.

issue 259 uri templates

Garret: will ping Anne and see if the op code approach is OK.

Garret: ift encoder updates - CFF/CFF2 support in client and server and demo, preload lists (for invalidating patches) added to encoder and client (not demo yet, but comingsoon)

Skef: want to say thanks from Adobe for getting CFF/CFF2 support and for harfbuzz. Recently we opened a harfbuzz issue and it got fixed very quickly which was really nice.

Vlad: for next call aim to be on June 10th, possible might need to postpone to 17th due to availability.

<ChrisL> Looks like some of the fetch stuff was moved to css-cascade-4

<ChrisL> https://github.com/w3c/csswg-drafts/commit/69379fb02650162271e2d4e6bd8c0c8f6bb27903

Minutes manually created (not a transcript), formatted by scribe.perl version 244 (Thu Feb 27 01:23:09 2025 UTC).

Diagnostics

No scribenick or scribe found. Guessed: Garret

Maybe present: Chris

All speakers: Chris, Garret, Skef, Vlad

Active on IRC: ChrisL, Garret, scott, skef, Vlad