Early models of packet networking used a hop-by-hop paradigm of control. Each intermediate device (a “router” in Internet parlance) would use a control loop with its adjacent neighbour and retransmit any frame that was not explicitly acknowledged as received by the neighbour. Such models were used by the X.25 protocol,…| blabs
The Internet Engineering Task Force (IETF) meets three times a year to work on Internet Standards and related operational practice documents. In July of 2025 the IETF met in Madrid (finally, and only after a number of thwarted mis-starts!) with more than a thousand folk in attendance through the week.…| blabs
The Internet Engineering Task Force (IETF) meets three times a year to work on Internet Standards and related operational practice documents. In July of 2025 the IETF met in Madrid (finally, and after a number of thwarted mis-starts!) with more than a thousand folk in attendance through the week.| blabs
Use the new IANA-registered tag to preserve JSON numbers represented as strings when encoding in Concise Binary Object Representation.| Just a Theory
On the completely impossible situation of blocking the Tor .onion TLD to avoid leaks, but at the same time not block it to make users able to do what they want. dot-onion leaks The onion TLD is a Tor specific domain that does not mean much to the world outside of Tor. If you try … Continue reading Leeks and leaks →| daniel.haxx.se
I gave a talk about the Internet Research Task Force (IRTF) at an IETF Standards Culture and Process Deep-Dive Training that took place in Beijing on May 8th, 2025. The training was hosted by the C…| Dirk Kutscher
The IETF has recently published an interview with me on the IETF Blog.| Dirk Kutscher
We’ve talked many times about WHIP and WHEP on this blog post. Since before WHIP was even a thing on the IETF’s radar, we prototyped it with CoSMo, as it seemed like a great first step towards my dream (and… Read more › The post Node.js WHIP/WHEP server libraries first appeared on Meetecho Blog.| Meetecho Blog
These past few months I've shared a lot of info on my experiments with QUIC as a new transport for real-time media. I detailed my efforts on writing a basic QUIC stack, followed by deeper dives in RTP Over QUIC (RoQ) and, most importantly, Media Over QUIC (MoQT), where I tried to sketch and prototype| Meetecho Blog
On January 30th of 2012, fifteen organizations announced the working group they had formed, and the first version of the protocol they had produced. This was the public kickoff of both DMARC.org and the DMARC protocol. It would grow from just 450 published sending domain policies and 2 billion protected mailboxes after one year, to […]| dmarc.org
It's been a few weeks since we started having a look at QUIC and how it can be used for real-time media. We started a couple of months ago with an overview on QUIC itself, and my prototype stack implementation of it. After that, we started looking at some practical applications, focusing specifically on RTP| Meetecho Blog
A few weeks ago I shared my experience studying and implementing QUIC from scratch: in shortly less than a month, I went from not knowing anything about QUIC, to having a basic stack (with WebTransport support) I could use for interacting with other implementations on simple scenarios. Getting to that point was bumpy (QUIC is| Meetecho Blog
My earlier work on Streamlined NTRU Prime has been progressing along. The IETF document on sntrup761 in SSH has passed several process points. GnuPG’s libgcrypt has added support for sntrup761. The libssh support for sntrup761 is working, but the merge Continue reading Classic McEliece goes to IETF and OpenSSH→| Simon Josefsson's blog
The OpenSSH project added support for a hybrid Streamlined NTRU Prime post-quantum key encapsulation method sntrup761 to strengthen their X25519-based default in their version 8.5 released on 2021-03-03. While there has been a lot of talk about post-quantum crypto generally, Continue reading Streamlined NTRU Prime sntrup761 goes to IETF→| Simon Josefsson's blog
GSS-API is a standardized framework that is used by applications to, primarily, support Kerberos V5 authentication. GSS-API is standardized by IETF and supported by protocols like SSH, SMTP, IMAP and HTTP, and implemented by software projects such as OpenSSH, Exim, Continue reading Towards pluggable GSS-API modules→| Simon Josefsson's blog
Simple Authentication and Security Layer (SASL, RFC4422) is the framework that was abstracted from the IMAP and POP protocols. Among the most popular mechanisms are PLAIN (clear-text passwords, usually under TLS), CRAM-MD5 (RFC2195), and GSSAPI (for Kerberos V5). The DIGEST-MD5 Continue reading What’s wrong with SCRAM?→| Simon Josefsson's blog
As many others, I have been following the launch of Let’s Encrypt. Let’s Encrypt is a new zero-cost X.509 Certificate Authority that supports the Automated Certificate Management Environment (ACME) protocol. ACME allows you to automate creation and retrieval of HTTPS Continue reading Let’s Encrypt Clients→| Simon Josefsson's blog
Colin Percival and I have worked on an internet-draft on scrypt for some time. I realize now that the -00 draft was published over two years ago, turning this effort today somewhat into archeology rather than rocket science. Still, having Continue reading Scrypt in IETF→| Simon Josefsson's blog
After meeting Niels Möller at FOSDEM and learning about his Ed25519 implementation in GNU Nettle, I started working on a simple-to-implement description of Ed25519. The goal is to help implementers of various IETF (and non-IETF) protocols add support for Ed25519. Continue reading EdDSA and Ed25519 goes to IETF→| Simon Josefsson's blog
Today there was an announcement that Dropbox supports two-factor authentication. On their page with detailed instructions there is (at the bottom) a link to the man page of the OATH Toolkit command line utility oathtool. OATH Toolkit is available in Continue reading Using OATH Toolkit with Dropbox→| Simon Josefsson's blog
I am happy to announce a project that I have been working quietly on for about a year: the OATH Toolkit. OATH stands for Open AuTHentication and is an organization that specifies standards around authentication. That is a pretty broad Continue reading Introducing the OATH Toolkit→| Simon Josefsson's blog
The RFC Editor has announced a new document, RFC 6070, with test vectors for PKCS5 PBKDF2. The document grew out of my implementation of SCRAM for GNU SASL. During interop testing, more than one other implementation turned out to have Continue reading On Password Hashing and RFC 6070→| Simon Josefsson's blog
I have finished the SCRAM implementation in GNU SASL. The remaining feature to be added was support for the “enhanced” SCRAM-SHA-1-PLUS variant instead of just the normal SCRAM-SHA-1 mechanism. The difference is that the latter supports channel bindings to TLS, Continue reading GNU SASL with SCRAM-SHA-1-PLUS→| Simon Josefsson's blog
I have blogged about GNU SASL and GS2-KRB5 with the native Kerberos on Mac OS X before, so the next logical step has been to support GS2-KRB5 on Windows through MIT Kerberos for Windows (KfW). With the latest release of Continue reading GS2-KRB5 using GNU SASL and MIT Kerberos for Windows→| Simon Josefsson's blog
Yesterday (12th July 2010) the RFC editor announced the publication of RFC 5801, which I’m co-author of. The GS2 document has taken 5 years to reach this status, see my page on GS2 status. So what is GS2? Briefly explained, Continue reading Bridging SASL and GSS-API: GS2→| Simon Josefsson's blog
I have worked in the IETF on the specification for the next generation GSSAPI-to-SASL bridge called GS2 (see my status page for background) for a couple of years now. The specification is (finally!) in the RFC editor’s queue, and is Continue reading GS2-KRB5 in GNU SASL 1.5.0→| Simon Josefsson's blog
Many years ago, for my master’s thesis, I worked on evaluating using the DNS to store certificates. I eventually ended up fixing several problems in RFC 2538 in a document that became RFC 4398. Using CERT records to store certificates Continue reading Storing OpenPGP keys in the DNS→| Simon Josefsson's blog
In a bug report against libidn, Erik van der Poel gives an example of an internationalized domain name that is handled differently by different implementations. Another example of one such string is: ‘räksmörgås’ U+2024 ‘com’ If your browser supports Unicode, Continue reading IDNA flaws with regard to U+2024→| Simon Josefsson's blog
QUIC has been on my mind for quite some time. I remember mentioning it as part of my "what's next?" slides at the first edition of JanusCon, 5 years ago, and of course it was very much a topic in my opening slides at the latest JanusCon as well. For one reason or another, though,| Meetecho Blog
The technical standards that govern how the Internet and modern computer networks operate are debated and approved by a number of organizations. These organizations exist to ensure the proper functionality and long term feasibility of network transmission methods. IT professionals should be familiar with these organizations, how they operate, and what their specific roles and …| Doug Vitale Tech Blog
A few weeks ago I attended the first edition of what turned out to be a great event, RTC.On, and I took that opportunity to submit a talk on something I wanted to work on for quite some time: bandwidth estimation in WebRTC and, more specifically, Janus. The main objective of that presentation was not| Meetecho Blog
It's been a while since last time we spoke of WHEP: just to brush up your memory, it was a few months ago, when we first introduced WHEP as a companion protocol to WHIP, that we had talked about a few other times already. At the time, we explained how WHIP and WHEP both play| Meetecho Blog