I'm Shumon Huque, a software engineer and technologist. You can read more about me here.

Recent Posts

Don’t Go Unsigned

less than 1 minute read

At the ICANN 79 DNSSEC & Security Workshop, I gave a talk, with Eric Osterweil, on why you shouldn’t unsign your DNS zone during algorithm rollovers and...

Greasing DNS Extension Points

less than 1 minute read

Mark Andrews (ISC) and I have published an initial version of a new Internet Draft on Greasing Protocol Extension Points in the DNS.

RFC 9471 published

less than 1 minute read

DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.

DNS-OARC talk on DNSSEC Experience

less than 1 minute read

I just returned from the 40th DNS-OARC Workshop in Atlanta, Georgia, a small DNS focussed conference, run by DNS-OARC.

OARC Talk on DANE

less than 1 minute read

I was in Philadelphia for the 38th DNS-OARC Workshop.

Website Reboot

less than 1 minute read

It’s finally time to redo my website a bit.

RFC 9102 Published (TLS DNSSEC Chain)

less than 1 minute read

RFC 9102: “TLS DNSSEC Chain Extension”, was finally published as “experimental” – a few years after a long, acrimonious battle in the IETF TLS WG to get it p...

Swedish Internet Foundation on Multi-Signer

less than 1 minute read

The Swedish Internet Foundation published an article yesterday, “Solving the decade old problem with Multi-Signer DNSSEC”, mentioning my work and collaborat...

ICANN70 DNSSEC Panel

less than 1 minute read

Recording of the ICANN70 DNSSEC Panel, in which I participated.

RFC 8901 published

less than 1 minute read

Multi-Signer DNSSEC Models has just been published as RFC 8901.

DANE library in Go

less than 1 minute read

I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:

Iterative DNS resolution testing tool

1 minute read

Since I’ve been trapped at home due to the pandemic and have more free time, I’ve recently enhanced my command line iterative DNS resolution testing tool, “r...

Delegation Revalidation by DNS Resolvers

1 minute read

I’ve been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security,...

Multi-Signer DNSSEC Models approved as RFC

1 minute read

The Multi-Signer DNSSEC Models draft that I’ve been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Gro...

NS1 Press Release on Multi-Signer DNSSEC

less than 1 minute read

DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DN...

APNIC DANE blog

less than 1 minute read

APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up ...

Whither DANE?

11 minute read

At the recent DNS-OARC workshop, I gave a short talk on current prospects for DANE adoption. This generated a fair amount of subsequent discusion and comment...