UPDATE 2023-03-27: This page is obsolete, as it refers to a prior version of this blog. However, it may be of historical interest. If you’d like to receive full-text articles from this site as they are published, you can subcribe to one or more of the following feeds, in the formats indicated; simply cut and paste the URLs into your feed reader of choice. The Atom feeds are preferred; I maintain the RSS feeds only for older news aggregators that are not yet Atom-enabled. ...

UPDATE 2023-03-27: This page is obsolete, as it refers to a prior version of this blog. However, it may be of historical interest. In using Markdown I found one problem, one I’m surprised hasn’t been reported before. (I looked through the Markdown mailing list archive briefly, but didn’t see anything on this; perhaps people consider the current behavior a feature, not a bug?) I make extensive (really, almost exclusive) use of reference-style links, and noticed problems when I word-wrapped my paragraphs, so that the resulting text looked something like the following: ...

I have published a new draft 5 of the proposed Mozilla CA certificate policy. For detailed line-by-line changes from the previous draft please see my posting in the netscape.public.mozilla.crypto newsgroup (aka the mozilla-crypto mailing list). (Note that I have not yet updated the accompanying FAQ, but will try to do so in the next few days. Unfortunately for various reasons I will have less free time during the holiday season than I would normally, so I can’t commit to getting this done right away.) ...

UPDATE 2023-03-27: This page is obsolete, as it refers to a prior version of this blog. However, it may be of historical interest. The basic principles I tried to follow in creating the this site were as follows: The site should be entirely text-based, with minimal or no use of graphics. All web pages on the site should validate as HTML 4.01 Strict. All web pages on the site should be accessible using URIs that hide the details of the particular content type or page generation mechanism associated with the page. The site should be a transparent upgrade from my previous site (created a few years ago), so that all previous URLs should continue to work. The following sections expand on these points: ...

UPDATE 2023-03-27: This page is obsolete, as it refers to a prior version of this blog. However, it may be of historical interest. This site is a mixture of static content and dynamic content served through the Blosxom blogging system. I use various URI rewriting rules and a number of Blosxom plugins (some slightly hacked) in order to implement the site according to my personal design philosophy. Overall implementation As mentioned above, my site is (for the most part) powered either directly or indirectly by Blosxom. I use three different approaches to serving site content: ...

I’ve been working on the Mozilla CA certificate policy for some time now. I’ve created a “metapolicy” to help guide how the final policy should look. Note that the metapolicy doesn’t address any of the truly hard issues, like how to evaluate Certificate Authorities that haven’t undergone WebTrust audits or other independent audits. That will have to wait for future work (and time for me to do it). In the meantime I’ve been following a simple interim policy, one that is basically equivalent to Microsoft’s policy: I’m approving CAs that have successfully passed a WebTrust for CAs audit, or an audit that (in my judgement) is “WebTrust equivalent.”

UPDATE 2023-03-27: This page is obsolete, as it refers to a prior version of this blog. However, it may be of historical interest. Here I document the way in which I use URI rewriting (along with redirection and a couple of Blosxom plugins) to help implement my personal design philosophy for my web site. My goal is to create a unified URI space within which static and dynamic content can transparently co-exist, with publicly-visible URIs for human-readable content (i.e., HTML pages) having a canonical form that omits file extensions or other content type specifiers. ...

UPDATE 2023-03-27: This page is obsolete, as it refers to a prior version of this blog. However, it may be of historical interest. As noted in my discussion of URI rewriting, we can use Apache to enforce canonical URI forms for HTML files and directories, but need to use a plugin to enforce canonical forms for URIs handled by Blosxom. I’ve thus written a new canonicaluri plugin that checks to see whether the requested URI is in the canonical form for the type of page being requested, and if necessary does a browser redirect to the canonical form of the URI. ...

UPDATE 2023-03-27: This page is obsolete, as it refers to a prior version of this blog. However, it may be of historical interest. I’ve tried to make this site accessible to as many people as possible; here I describe the accessibility features of this site. (This statement is based on Mark Pilgrim’s accessibility statement.) If you have any questions or comments about the accessibility of this site, feel free to email me at the address found elsewhere on this site. ...