Other articles

  1. Multi-Signer DNSSEC Models approved as RFC

    The Multi-Signer DNSSEC Models draft that I've been working on for the past couple of years, has been approved by the IESG (Internet Engineering Steering Group - the overall management arm of the IETF).

    The approval announcement can be seen here: https://mailarchive.ietf.org/arch/msg/ietf-announce/F3RtV_72iUvdoAOv_LgN3aeIWx0/.

    The document …

    read more
  2. NS1 Press Release on Multi-Signer DNSSEC

    DNS Company, NS1 today issued a press release on their collaboration with Salesforce (my employer) on the specification and implementation of Multi-Signer DNSSEC, and which has a quotation from me:


    This is about a specification I've been working on for a while now, mostly in …

    read more
  3. DNS Amplification Attacks

    There has been a lot of talk recently about DNS amplification attacks (with prominent news reports of high bandwidth attacks targeted at anti-spam services, cloud providers, financial institutions, etc). These are a class of denial of service attack that use DNS servers to emit large amounts of traffic onto unsuspecting …

    read more
  4. DNSSEC and Certificates

    DNSSEC is a system to verify the authenticity of DNS data using public key signatures. With increasing deployment of DNSSEC comes the possibility of applications using the DNS to store and retrieve TLS/SSL certificates in an authenticated manner. And possibly obviating the need for public/global certification authorities (CA …

    read more
  5. IPv6 and DNS+DNSSEC Classes I'm Teaching

    I'm teaching two half day classes on IPv6 and DNS/DNSSEC at the LOPSA PICC conference (Professional IT Community Conference), being held May 11-12, 2012 in New Brunswick, NJ. This is a regional IT and system administration conference run by the New Jersey chapter of the League of Professional System …

    read more