Multi-Signer DNSSEC Models has just been published as RFC 8901.
The first draft of this document was in March 2018, so it took approximately 2.5 years from start to finish.read more
I've developed a DANE TLS authentication library in Go recently, which is available on Github:
From the README file:
"Package dane provides a set of functions to perform DANE authentication of a TLS server, with fall back to PKIX authentication if the server does not …read more
Since I've been trapped at home due to the pandemic and have more free time, I've recently enhanced my command line iterative DNS resolution testing tool, "resolve.py" to fully support DNSSEC validation. It was quite a bit of work, but I'm pleased with the results so far.
The tool …read more
I've been working recently on a new IETF draft document on Delegation Revalidation by DNS Resolvers, with collaborators Paul Vixie, CEO of Farsight Security, and Ralph Dolmans, software engineer at NLnetLabs. The document can be found at: https://tools.ietf.org/html/draft-huque-dnsop-ns-revalidation-01
The central ideas in the draft are …read more
The Multi-Signer DNSSEC Models draft that I've been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Group - the overall management arm of the IETF).
The approval announcement can be seen here: https://mailarchive.ietf.org/arch/msg/ietf-announce/F3RtV_72iUvdoAOv_LgN3aeIWx0/.
The document …read more
DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DNSSEC, and which has a quotation from me:
This is about a specification I've been working on for a while now, mostly in …read more
I was in San Diego for a few days. The first day I visited the San Diego zoo, widely considered to be one the best. The second day I rented a car and drove out to the Anza Borrego Desert State Park - I've been meaning to visit it forever, but …read more
With work colleagues, I recently did some volunteering work at a local non-profit, Spirit Open Equestrian, which offers numerous healing programs involving therapeutic riding, equine assisted learning and psychotherapy programs. We learned about the program, how to take work with and take care of horses, and also spent some time …read more
I've been in London for nearly a week and a half for the IETF 101 meeting, and stayed the weekend after to visit and catch up with my (many) relatives here. This Sunday (March 25th) I walked around London with my brother and his wife. A bit chilly and overcast …read more
I'm in Puerto Rico for the DNS-OARC Workshop and ICANN 61 meeting. Yesterday, with some conference friends, we visited the world famous Arecibo Observatory. From it's completion in 1963 until about mid-2016, it was the world's largest radio telescope (at which time it was overtaken by the Aperture Spherical Telescope …read more
I've redone my website, something I've been planning to do for quite a while. I'm now using the Pelican static site generator. Over the next few days, I will also be pulling content from my old (and long neglected) blog hosted on Google's blogger platform gradually back to this site …read more
We visited (completely unannounced) a small village in Srimongol, Bangladesh on this day. The locals (and especially the kids) were delighted to see us. And one of the young girls, Jasmin, even invited us into their family's home to sit down with them for a bit.
Here's a short video …read more
I've put up some photos from both parks at Google Photos:read more
We went on vacation earlier this month to visit national parks in Washington State.
I've put up photos from the spectacular Mount Rainier National Park here:
We also visited Olympic and the North Cascades National Park. I hope to organize and put up photos from those …read more
I attended the Fall 2015 DNS-OARC workshop in Montreal, Canada earlier this month. DNS-OARC is the "DNS Operations, Analysis, and Research Center", and the premier venue for discussion and information sharing on DNS operations, protocol implementations, and research. As its website notes, DNS-OARC "brings together key operators, implementors, and researchers …read more
Originally hosted on storify (which shut down), this is a collection of social media references to my talk on DNS Query-Name Minimization at the May 2015 DNS-OARC Workshop in Amsterdam, Netherlands.read more
At the recent IETF meeting in Toronto, there was an interesting discussion in the trans working group on DNSSEC certificate transparency, and there is a (very) preliminary IETF draft (that needs a lot more work):
This isn't a new topic. It has been talked …read more
After more than 20 years of working at Penn (University of Pennsylvania), I've decided to take a new job as Principal Research Scientist at Verisign Labs, the applied research division of Verisign Inc. You might know that Verisign is one of the world's largest DNS infrastructure providers. It runs the …read more
Some DNS Top Level Domain (TLD) operators publish statistics about their DNS zones. Some others have a zone file access program that allows others to examine their data and publish statistics. Frederic Cambus (@fcambus on Twitter) maintains a site called statdns ( http://www.statdns.com/ ) that keeps statistics for several …read more
Page 1 / 2 »