diff --git a/example/primary/.well-known/vep b/example/primary/.well-known/browserid
similarity index 100%
rename from example/primary/.well-known/vep
rename to example/primary/.well-known/browserid
diff --git a/lib/browserid/views.js b/lib/browserid/views.js
index 43b25bcb28302417cc124a05209d67b1be533c94..92801b915ba13d673dd2272bb4c0ea16aa6a18a3 100644
--- a/lib/browserid/views.js
+++ b/lib/browserid/views.js
@@ -116,13 +116,28 @@ exports.setup = function(app) {
 
   try {
     const publicKey = secrets.loadPublicKey();
+    const pkAsString = JSON.stringify(publicKey.toSimpleObject());
   } catch(e){
     logger.error("can't read public key, exiting: " + e);
-    setTimeout(function() { process.exit(1); }, 0);
+    process.nextTick(function() { process.exit(1); });
   }
 
-  // the public key
+  // the public key (This location is DEPRECATED)
   app.get("/pk", function(req, res) {
     res.json(publicKey.toSimpleObject());
   });
+
+  // the "declaration of support" style publishing of the public key.
+  // BrowserID.org is a (uh, THE) secondary, it should publish its key
+  // in a manner that is symmetric with how primaries do.  At present,
+  // the absence of 'provisioning' and 'authentication' keys indicates
+  // that this is a secondary, and verifiers should only trust
+  // browserid.org as a secondary (and anyone else they decide to for
+  // whatever reason).
+  app.get("/.well-known/browserid", function(req, res) {
+    res.render('declaration_of_support.ejs', {
+      key: pkAsString,
+      layout: false
+    });
+  });
 };
diff --git a/lib/primary.js b/lib/primary.js
index 9bf190e9c585ba5ac7de4aee313c2728220566d1..3ec678df4aa31319d48b69b8da632e66f71c74d0 100644
--- a/lib/primary.js
+++ b/lib/primary.js
@@ -48,9 +48,9 @@ vep = require("jwcrypto/vep"),
 jwt = require("jwcrypto/jwt"),
 config = require("./configuration.js");
 
-const WELL_KNOWN_URL = "/.well-known/vep";
+const WELL_KNOWN_URL = "/.well-known/browserid";
 
-// cache .well-known/vep for six hours
+// cache .well-known/browserid for six hours
 const MAX_CACHE_MS = (6 * 60 * 60 * 1000);
 
 function parseWellKnownBody(body, domain) {
@@ -150,13 +150,13 @@ exports.checkSupport = function(domain, cb) {
 
 // Support "shimmed primaries" for local development.  That is an environment variable that is any number of
 // CSV values of the form:
-//  <domain>|<origin>|<path to .well-known/vep>,
+//  <domain>|<origin>|<path to .well-known/browserid>,
 // where 'domain' is the domain that we would like to shim.  'origin' is the origin to which traffic should
-// be directed, and 'path to .well-known/vep' is a path to the vep file for the domain
+// be directed, and 'path to .well-known/browserid' is a path to the browserid file for the domain
 //
 // defining this env var will pre-seed the cache so local testing can take place.  example:
 //
-// SHIMMED_PRIMARIES=eyedee.me|http://127.0.0.1:10005|example/primary/.well-known/vep
+// SHIMMED_PRIMARIES=eyedee.me|http://127.0.0.1:10005|example/primary/.well-known/browserid
 
 if (process.env['SHIMMED_PRIMARIES']) {
   var shims = process.env['SHIMMED_PRIMARIES'].split(',');
diff --git a/resources/views/declaration_of_support.ejs b/resources/views/declaration_of_support.ejs
new file mode 100644
index 0000000000000000000000000000000000000000..a7381f0c71edde1f4a0abf5cf1751bc9d1b7c588
--- /dev/null
+++ b/resources/views/declaration_of_support.ejs
@@ -0,0 +1,3 @@
+{
+    "public-key": <%- key %>
+}
diff --git a/scripts/run_locally.js b/scripts/run_locally.js
index 36d92d77988891c0e2b652062f5aa453147874fc..e7da1212a1c5c1df0a7bc7c2e35fed0523d94d74 100755
--- a/scripts/run_locally.js
+++ b/scripts/run_locally.js
@@ -47,7 +47,7 @@ var daemonsToRun = {
 
 // all spawned process that use handle primaries should know about "shimmed"
 // primaries
-process.env['SHIMMED_PRIMARIES'] = "example.domain|http://" + HOST + ":10005|" + path.join(__dirname, "..", "example", "primary", ".well-known", "vep");
+process.env['SHIMMED_PRIMARIES'] = "example.domain|http://" + HOST + ":10005|" + path.join(__dirname, "..", "example", "primary", ".well-known", "browserid");
 
 // all spawned processes should log to console
 process.env['LOG_TO_CONSOLE'] = 1;
diff --git a/tests/page-requests-test.js b/tests/page-requests-test.js
index d5ca4a5c03920fe461947994c0833fb7050bbb23..7e193cecf6dea8ddf1c73344f5efcc2e6bd7459d 100755
--- a/tests/page-requests-test.js
+++ b/tests/page-requests-test.js
@@ -64,6 +64,7 @@ suite.addBatch({
   'GET /verify_email_address':   respondsWith(200),
   'GET /add_email_address':      respondsWith(200),
   'GET /pk':                     respondsWith(200),
+  'GET /.well-known/browserid':  respondsWith(200),
   'GET /signin':                 respondsWith(200),
   'GET /unsupported_dialog':     respondsWith(200),
   'GET /developers':             respondsWith(200),