David A. Wheeler's Blog

Mon, 15 Nov 2010

HTML version of “Fully Countering Trusting Trust through Diverse Double-Compiling”

I’ve now posted an HTML version of my PhD dissertation, “Fully Countering Trusting Trust through Diverse Double-Compiling”. This has been available as a PDF for some time, but in some cases an HTML version is more convenient (e.g., for small devices like cell phones or browsers that don’t have PDF readers). This dissertation describes an effective countermeasure for the nasty trusting trust attack; see my page about countering trusting trust or the dissertation itself for more information.

The HTML is very simple HTML that should be acceptable nearly universally. If you’re curious, I generated the HTML from OpenOffice.org, ran HTML tidy, and cleaned up the results a little further (via a simple script I created for the purpose and by hand). I eliminated all forced font names, for example. The goal was to create simple HTML that pretty much any web browser can display reasonably well, both today and into the future. For example, even browsers that can’t handle CSS or <div> should produce reasonable results. People should even be able to read the HTML directly, if they want to, without too much trouble. This is all part of my effort to make sure that anyone who wants this information can get it, either now or in the future.

The HTML almost passes the W3C HTML Validator, but I drew the line at the “absmiddle” value for the “align” attribute. The official HTML4 specification does not not include align=absmiddle, but this is widely implemented by all major browsers, so I view its omission as an error in the HTML spec. I do use in-line <center>, <b>, and <i>; some people may whine about that, but it’s completely standard and universally supported, while alternatives are not universally supported.

I tested on a variety of browsers, and it seems to come out well. The Wii web browser (based on Opera 9) doesn’t seem to handle certain entities that are part of the Unicode and ISO 10646 specification, and shows rectangles instead. But since these are standard characters, I view this as a problem with the browser:

• Entity &8203; (&x200B;) is the zero-width space (ZWSP), U+200B. This is supported by many browsers (such as Firefox), but not all (I know that Internet Explorer 6 and below, and the Wii browser based on Opera 9, show these as unknown). Still, browsers should support it, as it’s part of Unicode, and it doesn’t badly break the page for the ones that don’t. An alternative is <wbr>, but that’s nonstandard and STILL doesn’t work in many places. One page notes, “Given that this (wbr) is a non-standard element with imperfect support, use the wbr with caution”. So, for word breaks, I’m just using the standard HTML entity for it.
• Entity &8288; (&x2060;) is the word joiner (WJ), U+2060. This specially indicates where words should NOT be split. Again, supported by Firefox, but not by all (e.g., Wii based on Opera).

For many of the equations I use embedded graphic images, primarily because many systems do not have the fonts necesssary to display them. I do include alt=… values so that blind users will be able to understand them — this is intended to be accessible.

Ideally, I’d be able to write stuff that’s both HTML and XHTML. I can almost pull that off, but not with <br>. It’d be nice to use <br /> because in theory that would work in both HTML and XHTML. But many tools complain. So I just use <br>, which is standard and completely understood by all HTML parsers.

I now have a few errata, which are posted on the main page about countering the trusting trust attack. They are all trivial typos, and do not affect the fundamentals discussed in the paper.

So, feel free to take a peek at my HTML version of my PhD dissertation or my general page about countering the trusting trust attack.

path: /security | Current Weblog | permanent link to this entry