
March 9, 2004

<link rel="pgpkeys">, Sean Carroll and Atom

Since publicly proposing the idea a week and a half ago, I’ve noticed an increasing number of personal websites sporting

<link rel="pgpkey" type="application/pgp-keys" href="..." />

links to the owner’s PGP Public Key.

No, I don’t go around viewing the source of every weblog I visit. These links appear in the “More” menu of the Site Navigation Bar in Mozilla.

I’m really pleased to see this being rapidly adopted. But there are a couple of things that site owners can do to make it even more useful.

  1. Give the <link> a title attribute, saying whose key it is (mine says “title="Jacques Distler's PGP Public Key"”). If you have a multi-author blog, put up a separate <link> for each author’s Public Key, and identify each one with a title attribute.
  2. Make sure the key file(s) are served up as application/pgp-keys. Surfers who configure a Helper App in their browser for that MIME type can then add the Public Key to their Keychain with a single click.
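
A way to check both recommendations above against a page, as an added example that is not part of the original post: it finds each `<link rel="pgpkey">`, flags a missing title or type attribute, and compares the Content-Type the server sent for the key file with application/pgp-keys. The sample page, the key paths and the header values are constructed, and the `audit` function and `PGPKeyLinks` class are hypothetical names.

```python
from html.parser import HTMLParser

EXPECTED = "application/pgp-keys"

class PGPKeyLinks(HTMLParser):
    """Collect the attributes of every <link> whose rel includes 'pgpkey'."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "link" and "pgpkey" in a.get("rel", "").lower().split():
            self.links.append(a)

def audit(page_html, served_types):
    """Return [(href, [problems])] for each pgpkey link in page_html.

    served_types maps href -> the Content-Type header the server sent for it,
    supplied by the caller so the check itself needs no network access.
    """
    parser = PGPKeyLinks()
    parser.feed(page_html)
    report = []
    for link in parser.links:
        href, problems = link.get("href", ""), []
        if not link.get("title", "").strip():
            problems.append("missing title attribute")
        if link.get("type", "").strip().lower() != EXPECTED:
            problems.append("type attribute is not " + EXPECTED)
        # Ignore parameters such as "; charset=..." when comparing media types.
        media = served_types.get(href, "").split(";", 1)[0].strip().lower()
        if media != EXPECTED:
            problems.append("served as " + (media or "unknown type"))
        report.append((href, problems))
    return report

# Constructed sample: a two-author page and the headers its server returned.
SAMPLE_PAGE = """<html><head>
<link rel="pgpkey" type="application/pgp-keys" href="/keys/alice.asc"
      title="Alice Example's PGP Public Key" />
<link rel="pgpkey" type="application/pgp-keys" href="/keys/bob.asc" />
</head><body></body></html>"""
SAMPLE_HEADERS = {
    "/keys/alice.asc": "application/pgp-keys",
    "/keys/bob.asc": "text/plain; charset=ISO-8859-1",
}

if __name__ == "__main__":
    for href, problems in audit(SAMPLE_PAGE, SAMPLE_HEADERS):
        print(href, "OK" if not problems else "; ".join(problems))
```

The header values passed in as `served_types` can be taken from any HTTP client's response headers for each href.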

I know I’m slow on the uptake, but Sean Carroll has a blog. I’ve added it to my BlogRoll. But you’ll note that, despite it having an Atom Feed, I haven’t syndicated it. mt-rssfeed doesn’t support Atom feeds yet, and Blogger, apparently, does some really funky stuff with the <summary> element of their Atom feeds.

Posted by distler at March 9, 2004 8:50 AM


19 Comments & 3 Trackbacks

Re: <link rel="pgpkeys">, Sean Carroll and Atom

I’ve been using Firebird/Firefox for several months now. You just reminded me of the one feature of mozilla that I really miss: the site nav bar. I know it’s not something that the average user needs, but I sure wish that Firefox had it.

Posted by: Scott Johnson on March 9, 2004 8:01 PM | Permalink | Reply to this

Re: <link rel="pgpkeys">, Sean Carroll and Atom

Link Toolbar for Fire*: http://extensionroom.mozdev.org/clav/#linktoolbar

Note, it shows up down in the status bar.

Posted by: Matthew Ernest on March 9, 2004 9:27 PM | Permalink | Reply to this
Read the post Sean Carroll's blog
Weblog: Lundi Pundi
Excerpt: Just learned from Jacques Distler that apparently also the famous physicist Sean Carroll runs a blog called Preposterous Universe. Please check it out!...
Tracked: March 13, 2004 8:43 AM

Re: <link rel="pgpkeys">, Sean Carroll and Atom

While at first I accepted this without question, upon looking up the W3C recognized linktypes, it would seem that rel="appendix" type="..." title="Public Key" would be more accurate.

The public key is not related directly to the page being viewed because the page is not encrypted in any way. This is metadata about the author of the site. As it is added to the site, it could be considered an add-on, or appendix, to the site.

Posted by: David Engel on May 6, 2004 2:21 PM | Permalink | Reply to this

Re: <link rel="pgpkeys">, Sean Carroll and Atom

  1. There need not be a single “author” and so we allow multiple <link rel="pgpkey"> elements on the page. We suggest using the optional title attribute to identify whose key it is.
  2. I am not convinced that <link rel="pgpkey"> is any different than (say) <link rel="EditURI">. Both are, in some weak sense, metadata about the page.
  3. rel="appendix" is clearly not the appropriate link type. The W3C describes that as “Refers to a document serving as an appendix in a collection of documents.” Perhaps I might be convinced that rel="meta" might be appropriate. But that seems rather vague. To be useful and unambiguous, I think an explicit linktype is called-for.
  4. Perhaps it might be time to put some actual content at http://purl.org/net/pgpkey/
Posted by: Jacques Distler on May 6, 2004 5:16 PM | Permalink | PGP Sig | Reply to this
Read the post A Tale of woe
Weblog: Transcendent Ether
Excerpt: In order to provide server-side verification using OpenPGPComments, the Perl module Crypt::OpenPGP is required. Among the prerequisite modules for Crypt::OpenPGP (there are several) is Math::Pari....
Tracked: May 14, 2004 1:16 PM
Read the post PGP, P3P, and licenses
Weblog: Transcendent Ether
Excerpt: While working on OpenPGPComment and reading the discussion concerning providing a readily accessible means of supplying a PGP public key, I not only thought the...
Tracked: May 14, 2004 9:15 PM

Re: <link rel="pgpkeys">, Sean Carroll and Atom

I’ve got a question:

I’ve added the link tag to my site, including the title attribute. When I visit my site, the keyfile shows up in Mozilla’s toolbar as expected, but when I select it, Mozilla displays the text of the keyfile in the browser window. When I select the key for your site, the file’s downloaded and passed to PGPkeys.

Is there a trick to forcing the file download?

Posted by: Todd Sternisha on August 20, 2004 3:16 PM | Permalink | Reply to this

MIME-types

The answer to all good questions is “MIME-types”.

Something is horked on your server, and the keyfile is not being sent with the correct MIME-type. You can try getting your provider to fix the problem, or you can try adding

RewriteEngine On
RewriteRule sternisha.asc - [T=application/pgp-keys]

to your .htaccess file. This uses mod_rewrite to set the MIME-type of the keyfile.

Posted by: Jacques Distler on August 20, 2004 9:16 PM | Permalink | PGP Sig | Reply to this

If the key fits …

Oh, yeah. If you have your key up on your site, get into the habit of signing your comments (here and at other blogs that support signed comments).

Posted by: Jacques Distler on August 20, 2004 10:18 PM | Permalink | PGP Sig | Reply to this

Re: <link rel="pgpkeys">, Sean Carroll and Atom

Worked like a charm; thanks a million, Jacques. And I’ll get into the habit; I didn’t have PGP installed at work at the time!

Posted by: Todd Sternisha on September 13, 2004 1:22 AM | Permalink | PGP Sig | Reply to this

Re: <link rel="pgpkeys">, Sean Carroll and Atom

Heck. Too bad you can’t authenticate to delete your own duplicate comments.

Posted by: Todd Sternisha on September 13, 2004 1:25 AM | Permalink | PGP Sig | Reply to this

Duplicate comment

I deleted the duplicate comment.

But you do propose a very interesting idea. Why not use their PGP signature to allow commenters to edit their comments?

I shall have to think about (or convince someone with greater skills than I to think about) how to implement that.

Posted by: Jacques Distler on September 13, 2004 1:35 AM | Permalink | PGP Sig | Reply to this

PGP to editing

I vote for making Srijith write it. After all, he didn’t get here first to nominate me.

Posted by: Phil Ringnalda on September 13, 2004 2:51 AM | Permalink | PGP Sig | Reply to this

sorry for waking an old post but…

i’m trying to get this working on my blog, but for some reason my host’s server keeps sending the file as text/plain. would contacting my host and getting them to change their MIME type settings server-side fix this?

my site

and key

sorry for bringing up this old post but i’d like some help with this

Posted by: scott on January 24, 2005 7:52 PM | Permalink | Reply to this

Setting the MIME Type

Comments are always open for a reason.

You may be able to get your webhost to set the desired MIME type at the server level (he would do it with the AddType directive below).

Alternatively, if you have the ability to use a .htaccess file, there are a couple of different methods for adding the correct MIME type support just in your area.

  1. Use an
    AddType application/pgp-keys asc
    directive.
  2. Use mod_rewrite
    RewriteEngine On 
    RewriteRule \.asc$ - [T=application/pgp-keys]

There are probably other ways, but those are the two that occur to me off the top of my head. Hopefully one will work for you.

Posted by: Jacques Distler on January 24, 2005 11:32 PM | Permalink | PGP Sig | Reply to this

Re: Setting the MIME Type

thanks for the feedback. yes, i read your post above but just wanted to confirm. i don’t have access to enable these settings so am waiting on my ISP to make the changes. they have approved this, however.

Posted by: scott on January 25, 2005 6:40 AM | Permalink | Reply to this

Re: Setting the MIME Type

This is a test of automatic comment acceptance with an anchor tag without the nofollow attribute.

Posted by: mike on March 5, 2005 9:17 PM | Permalink | PGP Sig | Reply to this

File Extensions

I should have said that the above instructions tacitly assumed that the file extension for application/pgp-keys is “.asc”, not “.aexpk”. You can change them appropriately for your file.

I also might have mentioned that I answered this question above. You got the improved version of the answer with two independent techniques for setting the MIME type.

Posted by: Jacques Distler on January 24, 2005 11:44 PM | Permalink | PGP Sig | Reply to this

Re: File Extensions

correct me if i’m wrong, and i guess i am, but i was following on from the information on websnob’s article about distributing pgp keys - http://www.bauser.com/websnob/keydist.html.

This is why using .aexpk for keys makes assigned media types easier, since most webservers limit you to one media type per file extension. Using .aexpk for keys saves .asc for when you want to publish signed or encrypted files.

Some Windows and Macintosh versions of PGP associate the .aexpk file extension with PGP keys. If you use that extension for your public key, you make life a little easier for people who download your key (because you’re making sure the key gets assigned a distinct icon when it appears on their screens), and you make it easier to configure your web server (because most webservers assign media types based on file extension – see below).

so, i guess either filetype would be okay, right?

Posted by: scott on January 25, 2005 6:50 AM | Permalink | Reply to this

Re: File Extensions

RFC 3156 (see sections 9.2, 9.3) defines the MIME types and associated file extensions used by the OpenPGP standard. The application/pgp-keys MIME type (ASCII-armored PGP key files) is associated with the .asc file extension. The application/pgp-signature MIME type (detached PGP signature files) is associated with the file extensions .asc, .sig.

It’s a bit inconvenient having .asc associated to both MIME types. (Personally, I try to always use .sig for detached signatures and .asc for key files.) So PGP Corp made up a new file extension, .aexpk, for the former. Perhaps a good idea, but not ratified by any RFC (to my knowledge), so potentially dodgy for interoperability with other OpenPGP implementations.

In the case at hand, it doesn’t really matter what file extension you use, as long as the MIME type gets set correctly. I’ve described how to do that, both globally and (using mod_rewrite) even on a file-by-file basis.

Posted by: Jacques Distler on January 25, 2005 8:43 AM | Permalink | PGP Sig | Reply to this

Re: <link rel="pgpkeys">, Sean Carroll and Atom

thanks, Jacques. i have it working now. cheers for being so helpful and informative.

Posted by: scott on January 25, 2005 6:07 PM | Permalink | Reply to this
