Entries for December 2004
Markdown patch for link id bug
In using Markdown I found one problem, one I'm surprised hasn't been reported before. (I looked through the Markdown mailing list archive briefly, but didn't see anything on this; perhaps people consider the current behavior a feature, not a bug?) ...
Draft 5 of Mozilla CA certificate policy
I have published a new draft 5 of the proposed Mozilla CA certificate policy. For detailed line-by-line changes from the previous draft please see my posting in the netscape.public.mozilla.crypto newsgroup (aka the mozilla-crypto mailing list).
(Note that I have not yet updated the accompanying FAQ, but will try to do so in the next few days. Unfortunately for various reasons I will have less free time during the holiday season than I would normally, so I can't commit to getting this done right away.) ...
The basic principles I tried to follow in creating the this site were as follows:
- The site should be entirely text-based, with minimal or no use of graphics.
- All web pages on the site should validate as HTML 4.01 Strict.
- All web pages on the site should be accessible using URIs that hide the details of the particular content type or page generation mechanism associated with the page.
- The site should be a transparent upgrade from my previous site (created a few years ago), so that all previous URLs should continue to work. ...
This site is a mixture of static content and dynamic content served through the Blosxom blogging system. I use various URI rewriting rules and a number of Blosxom plugins (some slightly hacked) in order to implement the site according to my personal design philosophy. ...
Mozilla CA certificate metapolicy
I've been working on the Mozilla CA certificate policy for some time now. I've created a "metapolicy" to help guide how the final policy should look. Note that the metapolicy doesn't address any of the truly hard issues, like how to evaluate Certificate Authorities that haven't undergone WebTrust audits or other independent audits. That will have to wait for future work (and time for me to do it).
In the meantime I've been following a simple interim policy, one that is basically equivalent to Microsoft's policy: I'm approving CAs that have successfully passed a WebTrust for CAs audit, or an audit that (in my judgement) is "WebTrust equivalent".