Re-gurgitating a post on LinkedIn about my DNS work at the recent IETF 119 meeting.

At the ICANN 79 DNSSEC & Security Workshop, I gave a talk, with Eric Osterweil, on why you shouldn’t unsign your DNS zone during algorithm rollovers and/or operator changes.

Mark Andrews (ISC) and I have published an initial version of a new Internet Draft on Greasing Protocol Extension Points in the DNS.

I was in Da Nang, Vietnam in September for the 41st DNS-OARC Workshop.

DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.

I just returned from the 40th DNS-OARC Workshop in Atlanta, Georgia, a small DNS focussed conference, run by DNS-OARC.

I was invited to give a talk at the University of Virginia’s ECE distinguished seminar series.

I was in Philadelphia for the 38th DNS-OARC Workshop.

It’s finally time to redo my website a bit.

APNIC published my article on Multi-Signer DNSSEC Models today on their blog.

RFC 9102: “TLS DNSSEC Chain Extension”, was finally published as “experimental” – a few years after a long, acrimonious battle in the IETF TLS WG to get it published as “standards track” failed, due to technical disagreements. I discussed some of that saga in this earlier article, Whither DANE?.

The Swedish Internet Foundation published an article yesterday, “Solving the decade old problem with Multi-Signer DNSSEC”, mentioning my work and collaboration with them and Steve Crocker.

Multi-Signer DNSSEC Models has just been published as RFC 8901.

I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:

Since I’ve been trapped at home due to the pandemic and have more free time, I’ve recently enhanced my command line iterative DNS resolution testing tool, “resolve.py” to fully support DNSSEC validation. It was quite a bit of work, but I’m pleased with the results so far.

I’ve been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security, and Ralph Dolmans, software engineer at NLnetLabs. The document can be found at: https://tools.ietf.org/html/draft-huque-dnsop-ns-revalidation-01

The Multi-Signer DNSSEC Models draft that I’ve been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Group - the overall management arm of the IETF).

DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DNSSEC, and which has a quotation from me:

APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up yesterday, and you can read it at the following link: