DNS work at IETF 119
Re-gurgitating a post on LinkedIn about my DNS work at the recent IETF 119 meeting.
I'm Shumon Huque, a software engineer and technologist. You can read more about me here.
Recent Posts
Don’t Go Unsigned
At the ICANN 79 DNSSEC & Security Workshop, I gave a talk, with Eric Osterweil, on why you shouldn’t unsign your DNS zone during algorithm rollovers and...
Greasing DNS Extension Points
Mark Andrews (ISC) and I have published an initial version of a new Internet Draft on Greasing Protocol Extension Points in the DNS.
Automation of DNSSEC Provisioning and Maintenance
I was in Da Nang, Vietnam in September for the 41st DNS-OARC Workshop.
RFC 9471 published
DNS Glue Requirements in Referral Responses has just been published as RFC 9471. Co-authored with Mark Andrews, Paul Wouters, and Duane Wessels.
DNS-OARC talk on DNSSEC Experience
I just returned from the 40th DNS-OARC Workshop in Atlanta, Georgia, a small DNS focussed conference, run by DNS-OARC.
Invited Talk at University of Virginia
I was invited to give a talk at the University of Virginia’s ECE distinguished seminar series.
OARC Talk on DANE
I was in Philadelphia for the 38th DNS-OARC Workshop.
Website Reboot
It’s finally time to redo my website a bit.
Multi-Signer DNSSEC at APNIC Blog
APNIC published my article on Multi-Signer DNSSEC Models today on their blog.
RFC 9102 Published (TLS DNSSEC Chain)
RFC 9102: “TLS DNSSEC Chain Extension”, was finally published as “experimental” – a few years after a long, acrimonious battle in the IETF TLS WG to get it p...
Swedish Internet Foundation on Multi-Signer
The Swedish Internet Foundation published an article yesterday, “Solving the decade old problem with Multi-Signer DNSSEC”, mentioning my work and collaborat...
ICANN70 DNSSEC Panel
Recording of the ICANN70 DNSSEC Panel, in which I participated.
RFC 8901 published
Multi-Signer DNSSEC Models has just been published as RFC 8901.
DANE library in Go
I’ve developed a DANE TLS authentication library in Go recently, which is available on Github:
Iterative DNS resolution testing tool
Since I’ve been trapped at home due to the pandemic and have more free time, I’ve recently enhanced my command line iterative DNS resolution testing tool, “r...
Delegation Revalidation by DNS Resolvers
I’ve been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security,...
Multi-Signer DNSSEC Models approved as RFC
The Multi-Signer DNSSEC Models draft that I’ve been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Gro...
NS1 Press Release on Multi-Signer DNSSEC
DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DN...
APNIC DANE blog
APNIC invited me to write a guest article for their blog, elaborating on my ‘Whither DANE’ lighting talk at the DNS-OARC 30 workshop in May. It just went up ...