I live in the Baltimore/Washington area and work for the government sales group of IronKey. For more about me and what I'm doing, see the “Personal” section of this site and my blog.

Entries for 2004

Markdown patch for link id bug

In using Markdown I found one problem, one I'm surprised hasn't been reported before. (I looked through the Markdown mailing list archive briefly, but didn't see anything on this; perhaps people consider the current behavior a feature, not a bug?) ...

Draft 5 of Mozilla CA certificate policy

I have published a new draft 5 of the proposed Mozilla CA certificate policy. For detailed line-by-line changes from the previous draft please see my posting in the netscape.public.mozilla.crypto newsgroup (aka the mozilla-crypto mailing list).

(Note that I have not yet updated the accompanying FAQ, but will try to do so in the next few days. Unfortunately for various reasons I will have less free time during the holiday season than I would normally, so I can't commit to getting this done right away.) ...

Design philosophy

The basic principles I tried to follow in creating the this site were as follows:

  • The site should be entirely text-based, with minimal or no use of graphics.
  • All web pages on the site should validate as HTML 4.01 Strict.
  • All web pages on the site should be accessible using URIs that hide the details of the particular content type or page generation mechanism associated with the page.
  • The site should be a transparent upgrade from my previous site (created a few years ago), so that all previous URLs should continue to work. ...


This site is a mixture of static content and dynamic content served through the Blosxom blogging system. I use various URI rewriting rules and a number of Blosxom plugins (some slightly hacked) in order to implement the site according to my personal design philosophy. ...

Mozilla CA certificate metapolicy

I've been working on the Mozilla CA certificate policy for some time now. I've created a "metapolicy" to help guide how the final policy should look. Note that the metapolicy doesn't address any of the truly hard issues, like how to evaluate Certificate Authorities that haven't undergone WebTrust audits or other independent audits. That will have to wait for future work (and time for me to do it).

In the meantime I've been following a simple interim policy, one that is basically equivalent to Microsoft's policy: I'm approving CAs that have successfully passed a WebTrust for CAs audit, or an audit that (in my judgement) is "WebTrust equivalent".

URI rewriting and canonical URIs

Here I document the way in which I use URI rewriting (along with redirection and a couple of Blosxom plugins) to help implement my personal design philosophy for my web site. My goal is to create a unified URI space within which static and dynamic content can transparently co-exist, with publicly-visible URIs for human-readable content (i.e., HTML pages) having a canonical form that omits file extensions or other content type specifiers. ...

Enforcing canonical URIs for Blosxom pages

As noted in my discussion of URI rewriting, we can use Apache to enforce canonical URI forms for HTML files and directories, but need to use a plugin to enforce canonical forms for URIs handled by Blosxom. I've thus written a new canonicaluri plugin that checks to see whether the requested URI is in the canonical form for the type of page being requested, and if necessary does a browser redirect to the canonical form of the URI. ...

Accessibility statement for www.hecker.org

I've tried to make this site accessible to as many people as possible; here I describe the accessibility features of this site. (This statement is based on Mark Pilgrim's accessibility statement.) If you have any questions or comments about the accessibility of this site, feel free to email me at hecker@hecker.org. ...