Don’t Go Unsigned
At the ICANN 79 DNSSEC & Security Workshop, I gave a talk, with Eric Osterweil, on why you shouldn’t unsign your DNS zone during algorithm rollovers and...
Posts by Tag
- dnssec 24
- dns 19
- ipv6 7
- ietf 6
- dane 5
- tls 4
- upenn 3
- photos 3
- national park 3
- dns-oarc 3
- networking 2
- internet2 2
- privacy 2
- zoo 2
- website 2
- web 2
- salesforce 2
- software 2
- job 1
- stanford 1
- accelerator 1
- physics 1
- pki 1
- philadelphia 1
- amplification 1
- dlv 1
- usenix 1
- verisign 1
- oarc 1
- singapore 1
- village 1
- bangladesh 1
- arecibo 1
- observatory 1
- puerto rico 1
- astronomy 1
- london 1
- sightseeing 1
- volunteering 1
- equestrian 1
- horses 1
- montreal 1
- vacation 1
- canada 1
- rockies 1
- banff 1
- jasper 1
- san diego 1
- anza borrego desert 1
- state park 1
- ns1 1
- resolver 1
- delegation 1
- revalidation 1
- golang 1
- evolution 1
- rfc 1
- glue 1
- provisioning 1
- automation 1
- extension 1
- points 1
- greasing 1
- unsigning 1
dnssec
Automation of DNSSEC Provisioning and Maintenance
I was in Da Nang, Vietnam in September for the 41st DNS-OARC Workshop.
RFC 9471 published
DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.
DNS-OARC talk on DNSSEC Experience
I just returned from the 40th DNS-OARC Workshop in Atlanta, Georgia, a small DNS focussed conference, run by DNS-OARC.
Invited Talk at University of Virginia
I was invited to give a talk at the University of Virginia’s ECE distinguished seminar series.
OARC Talk on DANE
I was in Philadelphia for the 38th DNS-OARC Workshop.
Multi-Signer DNSSEC at APNIC Blog
APNIC published my article on Multi-Signer DNSSEC Models today on their blog.
RFC 9102 Published (TLS DNSSEC Chain)
RFC 9102: “TLS DNSSEC Chain Extension”, was finally published as “experimental” – a few years after a long, acrimonious battle in the IETF TLS WG to get it p...
Swedish Internet Foundation on Multi-Signer
The Swedish Internet Foundation published an article yesterday, “Solving the decade old problem with Multi-Signer DNSSEC”, mentioning my work and collaborat...
ICANN70 DNSSEC Panel
Recording of the ICANN70 DNSSEC Panel, in which I participated.
RFC 8901 published
Multi-Signer DNSSEC Models has just been published as RFC 8901.
DANE library in Go
I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:
Iterative DNS resolution testing tool
Since I’ve been trapped at home due to the pandemic and have more free time, I’ve recently enhanced my command line iterative DNS resolution testing tool, “r...
Multi-Signer DNSSEC Models approved as RFC
The Multi-Signer DNSSEC Models draft that I’ve been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Gro...
NS1 Press Release on Multi-Signer DNSSEC
DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DN...
APNIC DANE blog
APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up ...
Whither DANE?
At the recent DNS-OARC workshop, I gave a short talk on current prospects for DANE adoption. This generated a fair amount of subsequent discusion and comment...
Key Transparency for DNSSEC?
At the recent IETF meeting in Toronto, there was an interesting discussion in the trans working group on DNSSEC certificate transparency, and there is a (ver...
EDU Top Level Domain statistics
Some DNS Top Level Domain (TLD) operators publish statistics about their DNS zones. Some others have a zone file access program that allows others to examine...
USENIX interviews - IPv6 and DNSSEC
I’m giving full day tutorials on IPv6 and DNSSEC at the upcoming USENIX LISA conference in Washington DC in November. Matt Simmons interviewed me about both ...
ISC DLV registry usage
On a LinkedIn forum, Dan York of the Internet Society recently asked a question about who still uses the ISC DNSSEC Lookaside Validation (DLV) registry. Whil...
ISOC ION Panel - Advancing the Network
“I tend to think of IPv6 & DNSSEC both a little bit like global warming … something that is developing kind of slowly … they’re both inevitable, it’s a j...
DNSSEC and Certificates
DNSSEC is a system to verify the authenticity of DNS data using public key signatures. With increasing deployment of DNSSEC comes the possibility of applicat...
A targeted survey of DNSSEC deployment
I’ve been working on a DNS and DNSSEC monitoring project, which is available at
dns
Don’t Go Unsigned
At the ICANN 79 DNSSEC & Security Workshop, I gave a talk, with Eric Osterweil, on why you shouldn’t unsign your DNS zone during algorithm rollovers and...
Greasing DNS Extension Points
Mark Andrews (ISC) and I have published an initial version of a new Internet Draft on Greasing Protocol Extension Points in the DNS.
Automation of DNSSEC Provisioning and Maintenance
I was in Da Nang, Vietnam in September for the 41st DNS-OARC Workshop.
RFC 9471 published
DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.
DNS-OARC talk on DNSSEC Experience
I just returned from the 40th DNS-OARC Workshop in Atlanta, Georgia, a small DNS focussed conference, run by DNS-OARC.
Invited Talk at University of Virginia
I was invited to give a talk at the University of Virginia’s ECE distinguished seminar series.
OARC Talk on DANE
I was in Philadelphia for the 38th DNS-OARC Workshop.
RFC 8901 published
Multi-Signer DNSSEC Models has just been published as RFC 8901.
Iterative DNS resolution testing tool
Since I’ve been trapped at home due to the pandemic and have more free time, I’ve recently enhanced my command line iterative DNS resolution testing tool, “r...
Delegation Revalidation by DNS Resolvers
I’ve been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security,...
Multi-Signer DNSSEC Models approved as RFC
The Multi-Signer DNSSEC Models draft that I’ve been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Gro...
Talks at Fall 2015 DNS-OARC Workshop
I attended the Fall 2015 DNS-OARC workshop in Montreal, Canada earlier this month. DNS-OARC is the “DNS Operations, Analysis, and Research Center”, and the p...
Qname Minimization talk
Qname Minimization @ DNS-OARC
Key Transparency for DNSSEC?
At the recent IETF meeting in Toronto, there was an interesting discussion in the trans working group on DNSSEC certificate transparency, and there is a (ver...
EDU Top Level Domain statistics
Some DNS Top Level Domain (TLD) operators publish statistics about their DNS zones. Some others have a zone file access program that allows others to examine...
DNS Amplification Attacks
There has been a lot of talk recently about DNS amplification attacks (with prominent news reports of high bandwidth attacks targeted at anti-spam services, ...
A targeted survey of DNSSEC deployment
I’ve been working on a DNS and DNSSEC monitoring project, which is available at
Penn’s DNS Zone
Some data from a quick analysis of the contents of the University of Pennsylvania’s primary DNS zone (upenn.edu):
IPv6 and DNS Classes I’m Teaching
I’m teaching two half day classes on IPv6 and DNS/DNSSEC at the LOPSA PICC conference (Professional IT Community Conference), being held May 11-12, 2012 in N...
ipv6
An IPv6 Success Story – Galois
The following article was contributed by Paul Heinlein, a systems administrator at Galois. Paul attended my full day IPv6 training course at USENIX LISA 2013...
USENIX interviews - IPv6 and DNSSEC
I’m giving full day tutorials on IPv6 and DNSSEC at the upcoming USENIX LISA conference in Washington DC in November. Matt Simmons interviewed me about both ...
ISOC ION Panel - Advancing the Network
“I tend to think of IPv6 & DNSSEC both a little bit like global warming … something that is developing kind of slowly … they’re both inevitable, it’s a j...
Internet2 IPv6 Panel recap
A few notes from last month’s IPv6 deployment panel at the Fall Internet2 Member Meeting in Philadelphia, which I moderated (October 2nd 2012). Watch the ent...
A Look at World IPv6 Launch Traffic
The World IPv6 Launch website has compiled a set of measurements at http://www.worldipv6launch.org/measurements/. I’ll take a quick look at some of them here...
IPv6 at Penn
World IPv6 Launch (June 6th 2012) is fast approaching, so I thought I’d share some details about IPv6 deployment at the University of Pennsylvania and what w...
IPv6 and DNS Classes I’m Teaching
I’m teaching two half day classes on IPv6 and DNS/DNSSEC at the LOPSA PICC conference (Professional IT Community Conference), being held May 11-12, 2012 in N...
ietf
RFC 9471 published
DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.
RFC 8901 published
Multi-Signer DNSSEC Models has just been published as RFC 8901.
Multi-Signer DNSSEC Models approved as RFC
The Multi-Signer DNSSEC Models draft that I’ve been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Gro...
APNIC DANE blog
APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up ...
Whither DANE?
At the recent DNS-OARC workshop, I gave a short talk on current prospects for DANE adoption. This generated a fair amount of subsequent discusion and comment...
IETF102 and Montreal
I was in Montreal this month to attend IETF102 and several side meetings just before it.
dane
Invited Talk at University of Virginia
I was invited to give a talk at the University of Virginia’s ECE distinguished seminar series.
OARC Talk on DANE
I was in Philadelphia for the 38th DNS-OARC Workshop.
DANE library in Go
I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:
APNIC DANE blog
APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up ...
Whither DANE?
At the recent DNS-OARC workshop, I gave a short talk on current prospects for DANE adoption. This generated a fair amount of subsequent discusion and comment...
tls
RFC 9102 Published (TLS DNSSEC Chain)
RFC 9102: “TLS DNSSEC Chain Extension”, was finally published as “experimental” – a few years after a long, acrimonious battle in the IETF TLS WG to get it p...
DANE library in Go
I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:
APNIC DANE blog
APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up ...
Whither DANE?
At the recent DNS-OARC workshop, I gave a short talk on current prospects for DANE adoption. This generated a fair amount of subsequent discusion and comment...
upenn
I’ve left Penn for a new job
After more than 20 years of working at Penn (University of Pennsylvania), I’ve decided to take a new job as Principal Research Scientist at Verisign Labs, th...
IPv6 at Penn
World IPv6 Launch (June 6th 2012) is fast approaching, so I thought I’d share some details about IPv6 deployment at the University of Pennsylvania and what w...
Penn’s DNS Zone
Some data from a quick analysis of the contents of the University of Pennsylvania’s primary DNS zone (upenn.edu):
photos
Photos from Rocky Mountains
We went on vacation earlier this month to visit two US National Parks renowned for their spectacular natural scenery: Rocky Mountain National Park in Colorad...
Photos from Mt Rainier National Park
We went on vacation earlier this month to visit national parks in Washington State.
Philadelphia Skyline Photos
My colleague Deke Kassabian posted an older photo of the Philly skyline (that I’d taken a number of years ago) on his Facebook page. So I thought I’d post a ...
national park
Banff and Jasper Vacation
We visited Banff and Jasper National Parks in the Canadian Rockies earlier this month. It was unusually cool for this time of year, even for the Canadian Roc...
Photos from Rocky Mountains
We went on vacation earlier this month to visit two US National Parks renowned for their spectacular natural scenery: Rocky Mountain National Park in Colorad...
Photos from Mt Rainier National Park
We went on vacation earlier this month to visit national parks in Washington State.
dns-oarc
Automation of DNSSEC Provisioning and Maintenance
I was in Da Nang, Vietnam in September for the 41st DNS-OARC Workshop.
DNS-OARC talk on DNSSEC Experience
I just returned from the 40th DNS-OARC Workshop in Atlanta, Georgia, a small DNS focussed conference, run by DNS-OARC.
OARC Talk on DANE
I was in Philadelphia for the 38th DNS-OARC Workshop.
networking
Network Engineer openings at Penn
We have two job openings at the University of Pennsylvania for Network Engineers.
IPv6 at Penn
World IPv6 Launch (June 6th 2012) is fast approaching, so I thought I’d share some details about IPv6 deployment at the University of Pennsylvania and what w...
internet2
Internet2 IPv6 Panel recap
A few notes from last month’s IPv6 deployment panel at the Fall Internet2 Member Meeting in Philadelphia, which I moderated (October 2nd 2012). Watch the ent...
A targeted survey of DNSSEC deployment
I’ve been working on a DNS and DNSSEC monitoring project, which is available at
privacy
Invited Talk at University of Virginia
I was invited to give a talk at the University of Virginia’s ECE distinguished seminar series.
Qname Minimization talk
Qname Minimization @ DNS-OARC
zoo
San Diego Trip
I was in San Diego for a few days. The first day I visited the San Diego zoo, widely considered to be one the best. The second day I rented a car and drove o...
Singapore Zoo
Photos from the Singapore Zoo, which I visited with some IETF100 colleagues, on Nov 17th 2017.
website
Website Reboot
It’s finally time to redo my website a bit.
Website reboot
I’ve redone my website, something I’ve been planning to do for quite a while. I’m now using the Pelican static site generator. Over the next few days, I will...
web
APNIC DANE blog
APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up ...
Whither DANE?
At the recent DNS-OARC workshop, I gave a short talk on current prospects for DANE adoption. This generated a fair amount of subsequent discusion and comment...
salesforce
DNS-OARC talk on DNSSEC Experience
I just returned from the 40th DNS-OARC Workshop in Atlanta, Georgia, a small DNS focussed conference, run by DNS-OARC.
NS1 Press Release on Multi-Signer DNSSEC
DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DN...
software
DANE library in Go
I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:
Iterative DNS resolution testing tool
Since I’ve been trapped at home due to the pandemic and have more free time, I’ve recently enhanced my command line iterative DNS resolution testing tool, “r...
job
Network Engineer openings at Penn
We have two job openings at the University of Pennsylvania for Network Engineers.
stanford
Stanford Linear Accelerator Tour
At the recent Joint Techs conference, our host Stanford University arranged a lunch time tour of the Stanford Linear Accelerator Center (SLAC) for a small gr...
accelerator
Stanford Linear Accelerator Tour
At the recent Joint Techs conference, our host Stanford University arranged a lunch time tour of the Stanford Linear Accelerator Center (SLAC) for a small gr...
physics
Stanford Linear Accelerator Tour
At the recent Joint Techs conference, our host Stanford University arranged a lunch time tour of the Stanford Linear Accelerator Center (SLAC) for a small gr...
pki
DNSSEC and Certificates
DNSSEC is a system to verify the authenticity of DNS data using public key signatures. With increasing deployment of DNSSEC comes the possibility of applicat...
philadelphia
Philadelphia Skyline Photos
My colleague Deke Kassabian posted an older photo of the Philly skyline (that I’d taken a number of years ago) on his Facebook page. So I thought I’d post a ...
amplification
DNS Amplification Attacks
There has been a lot of talk recently about DNS amplification attacks (with prominent news reports of high bandwidth attacks targeted at anti-spam services, ...
dlv
ISC DLV registry usage
On a LinkedIn forum, Dan York of the Internet Society recently asked a question about who still uses the ISC DNSSEC Lookaside Validation (DLV) registry. Whil...
usenix
USENIX interviews - IPv6 and DNSSEC
I’m giving full day tutorials on IPv6 and DNSSEC at the upcoming USENIX LISA conference in Washington DC in November. Matt Simmons interviewed me about both ...
verisign
I’ve left Penn for a new job
After more than 20 years of working at Penn (University of Pennsylvania), I’ve decided to take a new job as Principal Research Scientist at Verisign Labs, th...
oarc
Talks at Fall 2015 DNS-OARC Workshop
I attended the Fall 2015 DNS-OARC workshop in Montreal, Canada earlier this month. DNS-OARC is the “DNS Operations, Analysis, and Research Center”, and the p...
singapore
Singapore Zoo
Photos from the Singapore Zoo, which I visited with some IETF100 colleagues, on Nov 17th 2017.
village
Srimongol Village visit
We visited (completely unannounced) a small village in Srimongol, Bangladesh on this day. The locals (and especially the kids) were delighted to see us. And ...
bangladesh
Srimongol Village visit
We visited (completely unannounced) a small village in Srimongol, Bangladesh on this day. The locals (and especially the kids) were delighted to see us. And ...
arecibo
Arecibo Observatory
I’m in Puerto Rico for the DNS-OARC Workshop and ICANN 61 meeting. Yesterday, with some conference friends, we visited the world famous Arecibo Observatory. ...
observatory
Arecibo Observatory
I’m in Puerto Rico for the DNS-OARC Workshop and ICANN 61 meeting. Yesterday, with some conference friends, we visited the world famous Arecibo Observatory. ...
puerto rico
Arecibo Observatory
I’m in Puerto Rico for the DNS-OARC Workshop and ICANN 61 meeting. Yesterday, with some conference friends, we visited the world famous Arecibo Observatory. ...
astronomy
Arecibo Observatory
I’m in Puerto Rico for the DNS-OARC Workshop and ICANN 61 meeting. Yesterday, with some conference friends, we visited the world famous Arecibo Observatory. ...
london
Around London with my brother
I’ve been in London for nearly a week and a half for the IETF 101 meeting, and stayed the weekend after to visit and catch up with my (many) relatives here. ...
sightseeing
Around London with my brother
I’ve been in London for nearly a week and a half for the IETF 101 meeting, and stayed the weekend after to visit and catch up with my (many) relatives here. ...
volunteering
Volunteer Time at Spirit Open Equestrian
With work colleagues, I recently did some volunteering work at a local non-profit, Spirit Open Equestrian, which offers numerous healing programs involving t...
equestrian
Volunteer Time at Spirit Open Equestrian
With work colleagues, I recently did some volunteering work at a local non-profit, Spirit Open Equestrian, which offers numerous healing programs involving t...
horses
Volunteer Time at Spirit Open Equestrian
With work colleagues, I recently did some volunteering work at a local non-profit, Spirit Open Equestrian, which offers numerous healing programs involving t...
montreal
IETF102 and Montreal
I was in Montreal this month to attend IETF102 and several side meetings just before it.
vacation
Banff and Jasper Vacation
We visited Banff and Jasper National Parks in the Canadian Rockies earlier this month. It was unusually cool for this time of year, even for the Canadian Roc...
canada
Banff and Jasper Vacation
We visited Banff and Jasper National Parks in the Canadian Rockies earlier this month. It was unusually cool for this time of year, even for the Canadian Roc...
rockies
Banff and Jasper Vacation
We visited Banff and Jasper National Parks in the Canadian Rockies earlier this month. It was unusually cool for this time of year, even for the Canadian Roc...
banff
Banff and Jasper Vacation
We visited Banff and Jasper National Parks in the Canadian Rockies earlier this month. It was unusually cool for this time of year, even for the Canadian Roc...
jasper
Banff and Jasper Vacation
We visited Banff and Jasper National Parks in the Canadian Rockies earlier this month. It was unusually cool for this time of year, even for the Canadian Roc...
san diego
San Diego Trip
I was in San Diego for a few days. The first day I visited the San Diego zoo, widely considered to be one the best. The second day I rented a car and drove o...
anza borrego desert
San Diego Trip
I was in San Diego for a few days. The first day I visited the San Diego zoo, widely considered to be one the best. The second day I rented a car and drove o...
state park
San Diego Trip
I was in San Diego for a few days. The first day I visited the San Diego zoo, widely considered to be one the best. The second day I rented a car and drove o...
ns1
NS1 Press Release on Multi-Signer DNSSEC
DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DN...
resolver
Delegation Revalidation by DNS Resolvers
I’ve been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security,...
delegation
Delegation Revalidation by DNS Resolvers
I’ve been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security,...
revalidation
Delegation Revalidation by DNS Resolvers
I’ve been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security,...
golang
DANE library in Go
I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:
evolution
Invited Talk at University of Virginia
I was invited to give a talk at the University of Virginia’s ECE distinguished seminar series.
rfc
RFC 9471 published
DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.
glue
RFC 9471 published
DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.
provisioning
Automation of DNSSEC Provisioning and Maintenance
I was in Da Nang, Vietnam in September for the 41st DNS-OARC Workshop.
automation
Automation of DNSSEC Provisioning and Maintenance
I was in Da Nang, Vietnam in September for the 41st DNS-OARC Workshop.
extension
Greasing DNS Extension Points
Mark Andrews (ISC) and I have published an initial version of a new Internet Draft on Greasing Protocol Extension Points in the DNS.
points
Greasing DNS Extension Points
Mark Andrews (ISC) and I have published an initial version of a new Internet Draft on Greasing Protocol Extension Points in the DNS.
greasing
Greasing DNS Extension Points
Mark Andrews (ISC) and I have published an initial version of a new Internet Draft on Greasing Protocol Extension Points in the DNS.
unsigning
Don’t Go Unsigned
At the ICANN 79 DNSSEC & Security Workshop, I gave a talk, with Eric Osterweil, on why you shouldn’t unsign your DNS zone during algorithm rollovers and...