Stuff about me
Working in IT security since 1986, I have accumulated a very broad range of
engineering experience and expertise in many areas of computer security,
primarily those involving the use of cryptography. Since 1995 I have been
involved in a range of IT security standardization activities, which has given
me the opportunity to work alongside some of the most well-known experts in the
field. As well as authoring various standards documents,
I'm currently a co-chair of the
Internet engineering task force (IETF)
LAKE working groups. In
the past I co-chaired
and one working on an anti-spam technology called
domain keys identified mail (dkim).
I also co-chaired a world-wide web consortium (W3C) working
group on XML key management (xkms),
and was once an invited expert participating in the W3C web security
context working group (wsc), which was
basically a group of security and browser folks who were trying to improve on
the current "padlock" security indicator in browsers.
Between 2011 and April 2017 I was one of two IETF security area directors,
and hence was a member of the Internet
Engineering Steering Group, which is the technical management committee of
the IETF. That meant I needed to read, and (sort-of) "vote" on all new IETF
RFCs for those six years. In one week
telechat), that meant reading and commenting on 623 pages of
Internet-drafts, but that was a bad week - the average was 350 pages every
two weeks. So I learned (for me) a huge amount from that.
Between March 2019 and March 2021, I was a member of the Internet Architecture Board
that aims to "provide long-range technical direction for Internet development"
but which also does a bunch of bureaucracy as part of the IETF, handling various
appeals and appointments.
I'm currently an "at-large" member of the Internet Research Steering Group (IRSG) which does a somewhat similar job
for the far fewer documents produced by Internet research task force (IRTF) research groups.
Areas of security I've mostly worked on include Public Key Infrastructure
(PKI), authorization and security for web services. In terms of my current
approach to that kind of work, I would generally like to see better deployment
of security technology, even if that appears to come at the expense of
"purity." That represents a bit of a change from the approach we all had when
we first started working on PKI.
Until I started doing more security again recently, I was really more interested in networking and, in
particular, highly-challenged networks (e.g. networking in deep-space as
envisaged by the group working on the InterPlaNet). That work is mainly done in the
context of an IRTF group on delay tolerant networking (DTN) where I
also help out as co-chair. In 2006, I co-authored what we believe is the first
book about delay and disruption tolerant networking. But I
don't just do DTN bureaucracy - I'm also quite involved in most of the security
work being done in that context as well as in the definition of a long-haul
delay tolerant protocol called LTP (RFC 5326) that was used
(by NASA, not me) to talk
to a spacecraft 25 million km away! In that context, what's most
interesting to me is how DTN concepts (and maybe even concrete protocols) might
form a part of the future Internet architecture, especially for its more
challenged nodes (which I reckon will always exist).
In day-to-day terms, other than teaching a bit,
I'm currently more-or-less involved with the following projects:
My most recent EU-funded work was on a supporting action called
STREWS where we tried (and I think partly succeeded) to bridge between security
researchers and those involved in W3C and IETF standardisation. STREWS
sponsored and arranged (and I chaired) the 2014 Joint IAB/W3C workshop on
Strengthening the Internet against Pervasive Monitoring (STRINT). In a similar vein, I
instigated and helped set up a workshop at NDSS in 2016 to check if TLS1.3
was Ready or Not?.
Most recently, I helped organise an IAB workshop on the
impact (so far) of the COVID pandemic on the deployed Internet.
Pervasive Monitoring (PM) is something that
took up a lot of my time as IETF security area
after we started getting a better picture of exactly
how much some government actors are snooping on the Internet.
That however re-invigorated a lot of Internet security
folks with the result that a lot of good progress was
made on Internet security since 2013. I helped
to lead some of that within the IETF where I was the main
titled "Pervasive Monitoring is an Attack" and
which set the scene (well, I think it did:-) for a number
of other security activities for example, the
IAB statement saying encrypt it all,
DNS Privacy working group,
TCP increase security
RFC 7435 on opportunistic security
and on confidentiality for
And lots more too.
I think it's fair to say
and working to get IETF consensus on
were both significant enough contributions to all that
In terms of other/older projects, the most fun one was
an EU funded DTN project on reindeer tracking and
communications services for the reindeer herders - that was called N4C (Networking for Communications Challenged
Communities) and started in May 2008 for 3 years. We've published the
full results of our N4C trials
in the arctic, including all the code, logs etc. and there's an
informal blog-like description of our 2010 trial
In August 2010, we started a
related project on Information Centric Networking, (in our case based on DTN) -
that's being done as part of a very large EU funded project (an "IP") called SAIL where TCD worked on the so-called
Network of Information (NetInf, in our case a DTN-based ICN just to talk
acronym-babble for a moment:-). SAIL was my main day-to-day project in TCD
until about the end of 2012. I also did a little work on yet another EU
funded project on medical informatics, in that case providing a security model
and a content security API - that's the TRANSFoRm project, but our involvement
is quite small there, at least in terms of effort.
Also in 2010, with a couple of partners, I also started up a campus company, Tolerant Networks Ltd. to do
non-research DTN projects. As Tolerant Networks, we've worked with a UK company
called SciSys as a subcontractor on a
European Space Agency (ESA) funded study about the use of DTN protocols in
space. And we subsequently carried out another DTN study for ESA on
potential uses of DTN for (Earth orbiting) satellite. (MUDSAT)
Before all of those I worked on an Enterprise-Ireland funded (2005 technology
development fund) project on sensor networking with delay tolerance (SeNDT - intended to sound like
"scent"), focused mainly on piloting some DTN based technology we had developed
for environmental monitoring, in particular, lake water quality monitoring, but
using delay tolerant protocols.
I'm also on the editorial board of IEEE Internet Computing
magazine. And I'm a Senior Technical Advisor to the
Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG).
From July 2007 until April 2010 I was part-time chief technologist with NewBay software, an excellent company that
provided user generated content management software and services for mobile
network operators. (Later acquired.) That was a kind of Web 2.0 meets the bell-heads gig, which was
interesting, especially when the applications were offered to such large sets of
users (in the millions).
||Trinity College Dublin
|Research fellow, Part-time lecturer
In 2019 I initiated a new Trinity elective module:
What is the Internet doing to me? (TEU00311). That
accepts students from all over college (so not just engineering/CompSCI) and aims to
better prepare students in how they deal with the Internet.
That ran for its second time during the 2020 pandemic, which was timely.
I teach a course on computer security and privacy (CS7NS5 aka CSU44032) as part
of the Masters in Computer Science
and also other programmes and have supervised a number of NDS MSc
dissertations (~10 to date), and a PhD (Alex McMahon)
and MSc by Research (Aidan Lynch). Course materials are at
I've also taught other courses at various times (see here).
Past exam questions (with marking schemes/answer outlines) for my
courses can be found at: https://down.dsg.cs.tcd.ie/old-exams/index.html.
Website seems to be defunct!
|Chief Security Architect
Director of Research
Senior Research Associate
With NewBay I contributed to product architecture and creating product,
services and operational security processes. I also established NewBay's
internal patent scheme and filed a number of patent applications on NewBay's
behalf. (See USPTO applications 20110004924 and 20100064377 if you care;-)
I began with Baltimore as Chief Security Architect, reporting to the
Director of Research (a position I assumed in Spring 2000 until transitioning
to part-time in May 2002 as Senior Research Associate, I only finally quit in
June 2003). With Baltimore my main responsibilities included:
- Managing & leading Baltimore's non-product related R&D activities
(generally a group of 3-4 researchers)
- Managing & leading Baltimore's memberships and activities in a range
of technical industry and standards fora. (E.g. IETF, W3C, PKI forum, WAP
- In consultation with other senior staff, setting Baltimore's future
product and services strategy.
- Carrying out technical due-diligence for some acquisitions.
- Representing the company at various (primarily technical) events, e.g.
conference speaking, panel sessions, etc.
- Establishing Baltimore's patent incentive scheme.
Baltimore are no longer in the technology business, though the company still
seems to exist (sort-of). There's a wiki page about
it (usual caveats!)
||Software and Systems Engineering Ltd. (SSE), a Siemens company.
http://www.sse.ie/ (Defunct DNS name!
Subsequently, SSE were subsumed into http://www.guardeonic.com/ now
also a defunct DNS name!)
|Developer, then security architect for a range of security products.
Occasional tasks included: Siemens-internal security consulting; Bid
consultant; External consulting; Some standardization work
||Silicon and Software Systems Ltd. (S3)
|Project leader developing GSM test software (embedded systems) for
||Main security developer of telephone security product in startup
company (Milcode: a CELP voice coder, encryption)
||C.O.P.S. (Europe) Ltd. (partly re-formed as Realace Ltd following
||Researcher, then project leader on EU funded R&D projects in
security (ESPRIT MARS) and formal methods (ESPRIT METEOR).
- "Report from the IAB COVID-19 Network Impacts Workshop 2020", J. Arkko, S. Farrell, M. Kühlewind, C. Perkins, Internet RFC 9075, July 2021.
- "Deprecation of TLS 1.1 for Email Submission and Access", L. Velvindron, S. Farrell, Internet RFC 8997, March 2021.
- "Deprecating TLS 1.0 and TLS 1.1", K. Moriarty, S. Farrell, Internet RFC 8996, March 2021.
- D.J.Leith and S.Farrell, "GAEN Due Diligence: Verifying The Google/Apple Covid Exposure Notification API", Proc CoronaDef'21, NDSS.
- Douglas Leith, Stephen Farrell, "Contact Tracing App Privacy: What Data Is Shared By Europe's GAEN Contact Tracing Apps", Proc IEEE INFOCOM 2021.
Covid-19 Contact Tracing Apps:
Doug Leith and myself have some internal TCD funding for our work on contact tracing apps and have set up a small project website to try to start gathering results together in one place.
- Coronavirus Contact Tracing App Privacy: What
Data Is Shared By The Singapore OpenTrace App? (28th April 2020)
Update 27th June 2020: Accepted for SecureComm 2020.
See also: Podcast and Short Talk at IEEE Security & Privacy Conference, May 2020
- Coronavirus Contact Tracing: Evaluating The Potential Of Using Bluetooth Received Signal Strength For Proximity Detection (6th May 2020)
Update 18th Aug 2020: Accepted for ACM Computer Communications Review.
Measurement data from this report. See also news reports in: Science, New Scientist
- Tech report: A Coronavirus Contact Tracing App Replay Attack
with Estimated Amplification Factors (19th May 2020)
- Tech report: Measurement-Based Evaluation Of Google/Apple Exposure Notification API For Proximity Detection In A Commuter Bus (15th June 2020)
Measurement data from this report.
See also news reports in: BBC News, Irish Times, Irish Examiner, Telegraph.
- GAEN Due Diligence: Verifying The Google/Apple Covid Exposure Notification API (16th June 2020)
Update 23rd August 2020: Accepted for Corona Defcon21 Workshop, part of NDSS 2021
- We were invited to make a submission to the Oireachtas (the Irish
that is considering Ireland's response to the pandemic. Our submission is here (16
- Measurement-Based Evaluation Of Google/Apple Exposure Notification API For Proximity Detection In A Light-Rail Tram (26th June 2020)
Update 16th Sept 2020: Accepted for publication in PLOS ONE
Measurement data from this report. See also some German news coverage: Heise, Deutsches Arzteblatt, Frankfurter Allgemeine Zeitung, Bild
- Countries using the Google/Apple API publish the TEKs of the handsets of infected people. We've started to monitor these to track trends, see here (28th June 2020) and here (9th October 2020).
- Contact Tracing App Privacy: What Data Is Shared By Europe's GAEN Contact Tracing Apps (18th July 2020) Update 7th Dec 2020: Accepted for publication in Proc IEEE INFOCOM 2021
- "Low-Power Wide Area Network (LPWAN) Overview", S. Farrell (ed.), Internet RFC 8376, May 2018.
- Farrell, Stephen. "Clusters of re-used keys", (preprint), March 2018. https://eprint.iacr.org/2018/299
- "Report from the Internet of Things Software Update (IOTSU) workshop 2016", Farrell et al, Internet RFC 8240, September 2017.
- Farrell, Stephen. "Requirements Analysis Required--Otherwise Targeted Monitoring Enables Pervasive Monitoring." Computer 49.3 (2016): 34-40. (Extended form locally here)
- "Report from the Strengthening the Internet (STRINT) Workshop", Farrell, et al, Internet RFC 7687, December 2015.
- "HTTP Origin Bound Authentication (HOBA)", Farrell, et al, Internet RFC 7486, March 2015.
- Farrell, Stephen. "Why Pervasive Monitoring Is Bad." IEEE Internet Computing 18.4 (2014): 4-7.
- "Pervasive Monitoring is an Attack", Farrell et al. Internet RFC 7258/BCP 188, May 2014.
- Dannewitz, Christian, et al. "Network of information (netinf) - an information-centric networking architecture."
Computer Communications 36.7 (2013): 721-735.
- "Naming Things with Hashes", Farrell et al. Internet RFC 6920, April 2013.
- Arkko, Jari, et al. "Demo: Snowcat5-Networking in Snow." (Extremecom 2012).
- Farrell, Stephen. "CRiSIS 2012 security standards tutorial." Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on. IEEE, 2012.
- "Delay- and Disruption-Tolerant Networking (DTN): An Alternative Solution
for Future Satellite Networking Applications," Caini et al,
Proceedings of the IEEE, Nov. 2011. DOI: http://dx.doi.org/10.1109/JPROC.2011.2158378.
- "Report on
an Arctic Summer DTN Trial," Farrell et al., Springer Wireless Networks,
volume 17, issue 5, page 1127, ISSN: 1022-0038, DoI: 10.1007/s11276-011-0323-1, July 2011.
- "The Need for a Web Security API," Turner et al. W3C Identity in the
Browser Workshop, Mountain View, California, USA, May 2011.
- "Security in the Wild," Stephen Farrell, Practical Security Column, IEEE Internet Computing,
vol 15, no. 3, pp 86-91, May/June 2011.
- "Bundle Security Protocol Specification", Symington et al. Internet RFC 6257, May 2011.
- "Leaky or Guessable Session Identifiers," Stephen Farrell, Practical Security Column, IEEE Internet Computing,
vol 15, no. 1, pp 88-91, January/February 2011.
- "N4C DTN Router Node: 2009 Results, 2010 Plans," Farrell et al. ExtremeCom 2010 workshop, Dharamsala, India, September 2010.
- "Endpoint Discovery and Contact Graph Routing in space and terrestrial DTNs," Stephen Farrell,
5th Advanced satellite multimedia systems conference (asma) and the 11th signal processing for space communications workshop (spsc), September 2010, Cagliari, Italy, pages 89-93, E-ISBN: 978-1-4244-6832-4, DoI: 10.1109/ASMS-SPSC.2010.5586850
- "Applications Directly using Cryptography," Stephen Farrell, Practical Security Column, IEEE Internet Computing,
vol 14, no. 3, pp 84-87, May/June 2010.
- "An Internet Attribute Certificate Profile for
Authorization," Farrell et al, Internet RFC 5755, January 2010.
didn't we spot that?" Stephen Farrell, Practical Security Column, IEEE
Internet Computing, vol. 14, no. 1, pp. 84-97, January/February 2010.
- "Delay- and Disruption-Tolerant Networking for Space and Satellite
Networks," Stephen Farrell, IEEE
Satellite and Space Communications Committee newsletter, SSC
newsletter, Vol 19, no 2, December 2009.
and Disruption Tolerant Networking," Alex McMahon, Stephen Farrell,
IEEE Internet Computer, (standards column), November/December 2009.
- "Other Certificates Extension," Stephen Farrell,
Internet RFC 5697, November 2009.
Keys to the Kingdom," Stephen Farrell, Practical Security Column, IEEE
Internet Computing, vol. 13, no. 5, pp. 91-93, September/October, 2009.
N4C DTN Router Node Design," Stephen Farrell, Stefan Weber, Alex
McMahon, Eoin Meehan and Kerry Hartnett, 1st Extreme Workshop on Communication,
Laponia, Sweden, August 8-14 2009.
- "Challenge-Response System and Method,",
Farrell et al, USPTO Application US 2011/0004924, Irish Patent S2009/0506, July 2009.
- Special issue of
computer communications on delay and disruption tolerant networking,
Computer Communications, Volume 32, Issue 16, 15 October 2009, Pages
1685-1686 Vinny Cahill, Stephen Farrell and Joerg Ott (eds)
Don't Grow in Threes," Stephen Farrell, Practical Security Column, IEEE
Internet Computing, vol. 13, no. 3, pp. 96, 94-95, May/June, 2009.
Don't We Encrypt Our Email?," Stephen Farrell, Practical Security
Column, IEEE Internet Computing, vol. 13, no. 1, pp. 82-85,
the Environmental Impact of Transport Noise with Wireless Sensor
Networks," Paul McDonald, Dermot Geraghty, Ivor Humphreys, Stephen
Farrell, Transportation Research Record: Journal of the Transportation
Research Board, Transportation Research Board of the National Academies,
Washington, D.C., No. 2058, November 2008, p133 - 139, doi:
Policy Purgatory," Stephen Farrell, Practical Security Column, IEEE
Internet Computing, vol. 12, no. 5, pp. 84-87, September/October, 2008.
- "Licklider Transmission Protocol - Motivation," Burleigh et al, Internet RFC 5325,
- "Licklider Transmission Protocol - Specification,"
Ramadas et al, Internet RFC 5326, September 2008.
- "Licklider Transmission Protocol - Security Extensions,"
Farrell et al, Internet RFC 5327, September 2008.
An Architectural Retrospective," Fall, K. Farrell, S., IEEE Journal on
Selected Areas in Communications, Volume: 26, Issue: 5, pp: 828-836, June
2008. doi: 10.1109/JSAC.2008.080609
- "Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile," David Cooper et al.,
Internet RFC 5280, May 2008.
Storage and Data Loss," Stephen Farrell, Practical Security Column,
IEEE Internet Computing, vol 12, no. 3, pp. 90-93, May/June 2008.
- "Access Rights for Digital Objects,"
Farrell et al, USPTO Application 20100064377, Irish Patent S2008/0215
Boundaries," Stephen Farrell, Practical Security Column, IEEE Internet
Computing, vol. 12, no. 1, pp. 93-96, January/February, 2008.
the Environmental Impact of Transport Noise Using Wireless Sensor
Networks," Paul McDonald, Dermot Geraghty, Ivor Humphreys, Stephen
Farrell, Transportation Research Board, 87th Annual Meeting, Washington,
January 13-17, 2008.
- "Evaluating LTP-T: A DTN-Friendly Transport Protocol," Stephen Farrell,
Vinny Cahill, Third International Workshop on Satellite and Space
Communications 2007 - Third International Workshop on Satellite and Space
- "Transmission protocols for challenging networks," Fahad Syed Muhammad,
Laurent Franck, Stephen Farrell, Third International Workshop on Satellite
and Space Communications 2007 - Third International Workshop on Satellite
and Space Communications 2007.
- "Sensor Networking with Delay Tolerance (SeNDT)," Paul McDonald et al.,
First International Workshop on Distributed Sensor Systems (DSS'07) in conjunction
with IEEE ICCCN 2007,
Turtle Bay Resort, Honolulu, Hawaii, USA, August 16, 2007.
- "End-by-hop Data Integrity," Stephen Farrell & Christian Jensen,
Fourth European Workshop on Security and Privacy in Ad hoc and Sensor
Networks, July 2-3, 2007, Cambridge, UK. (Here's the ppt that
Christian used for the presentation at the workshop.)
"Delay and Disruption Tolerant Networking," Stephen Farrell and
Vinny Cahill, ISBN 1-59693-063-2, Artech House, 2006.
There's a selection of book sellers here
and another here. The
publisher's page is here.
TCP Breaks: Delay- and Disruption-Tolerant Networking", Stephen
Farrell, Vinny Cahill, Dermot Geraghty, Ivor Humphreys, and Paul McDonald,
IEEE Internet Computing, vol. 10, no. 4, 2006, pp. 72-78.
- "Security Considerations in Space and Delay Tolerant Networks", Stephen
Farrell and Vinny Cahill, Space Mission Challenges for
IT 2006 conference, Pasadena, July 2006.
Revocable Attestation", Ellison, Farrell, TCD CS Tech. Report 2006-37.
- This is an idea Carl and I worked on back in 2002 that wasn't published
but that we now wanted to be able to reference.
- "DomainKeys Identified Mail demonstrates good
reasons to reinvent the wheel," Stephen Farrell, EuroPKI '06, Torino, June
2006, Springer LNCS vol 4043/2006.
A Generic Delay Tolerant Transport Protocol", Stephen Farrell and Vinny
Cahill, TCD Computer Science Technical Report TCD-CS-2005-69, 7 December
- "Internet X.509 Public Key Infrastructure Certificate Management
Protocols (CMP)" C. Adams, S. Farrell, T. Kause, T. Mononen,
Internet RFC 4210, September 2005.
- (Invited) "Using the
XML Key Management Specification (and breaking X.509 rules as you go)"
Farrell, Kahan, IFIP CMS'05, Salzburg, Sep. 2005.
- The conference proceedings were published by Springer (LNCS vol
3677/2005) and the paper can also apparently be accessed (i.e. bought!)
via the following link: http://dx.doi.org/10.1007/11552055_45
- "XKMS Working Group Interoperability Status
Report", Alvaro et. al, EuroPKI 2005.
Canterbury, UK, June 2005.
- "Securely Available Credentials Protocol," S. Farrell (ed.),
Internet RFC 3767, June 2004.
- "Security in Exotic Wireless Networks", S. Farrell, J.-M. Seigneur, C. D.
Jensen in NATO Computer and Systems Sciences Series III vol 193 "Security
and Privacy in Advanced Networking Technologies", ISBN 1 58603 430 8, ISSN,
1 387-6694, IOS Press, 2004.
- "End-to-end Trust Starts with Recognition", J.-M. Seigneur, S. Farrell,
C. D. Jensen, E. Gray, and Y. Chen, in Proceedings of the First
International Conference on Security in Pervasive Computing, 2003.
flexible interplanetary Internet", presented at the 37th ESLAB
Symposium, "TOOLS AND TECHNOLOGIES FOR FUTURE PLANETARY EXPLORATION", (workshop
site) ESTEC, Noordwijk, The Netherlands, 2-4 December 2003.
- This is really a minor update of the RAST2003 paper below (events
within weeks of one another don't allow much work in between!).
Supplementary materials are here including the
conference presentation (ppt).
an Interplanetary Internet", S. Farrell, C.D. Jensen, in "Proceedings
of the International Conference on Recent Advances in Space Technologies"
(RAST2003), Istanbul, Turkey,
November 2003, IEEE Catalog Number: 03EX743, ISBN 0-7803-8142-4.
- Supplementary materials are here including the
conference presentation (ppt, html).
- "Trajectory based addressing", Farrell, 8th
Cabernet radicals workshop: (position
paper), October 2003.
- Note: this is an intentionally silly/controversial proposal as
encouraged in the workshop cfp - so don't take it too seriously, though
it could work I guess
- "An Internet Attribute Certificate Profile for Authorization," S.
Farrell, R. Housley, Internet RFC 3281, April 2002.
ubiquitous computing based on entity recognition", Jean-Marc Seigneur,
Stephen Farrell, Christian Damsgaard Jensen, in Ubicomp2002 Security
Workshop, Göteborg, October 2002.
- "Reuse of CMS Content Encryption Keys," S. Farrell, S. Turner,
Internet RFC 3185, October 2001.
- "Securely Available Credentials - Requirements," A. Arsenault, S.
Farrell, Internet RFC 3157, August 2001.
- WAP Public Key Infrastructure Specification, June 2001, [editor] (http://www.wapforum.org/what/technical.htm)
- "XBULK", Farrell et al. July 2001 (http://xml.coverpages.org/x-bulk200107Draft.pdf)
- "Outlining Wireless Public Key Infrastructure", Farrell, December 2000.
(Can't seem to find a copy of that;-)
- "The WAP Forum's Wireless Public Key Infrastructure," Stephen
Farrell, Information Security Technical Report, Volume 5, Number 3, 1
September 2000, pp. 23-31(9) Elsevier, DOI:
- "AAA Authorization Requirements," S. Farrell, J. Vollbrecht, P.
Calhoun, L. Gommans, G. Gross, B. de Bruijn, C. de Laat, M. Holdrege, D.
Spence, Internet RFC 2906, August 2000.
- "AAA Authorization Application Examples," J. Vollbrecht, P.
Calhoun, S. Farrell, L. Gommans, G. Gross, B. de Bruijn, C. de Laat, M.
Holdrege, D. Spence, Internet RFC 2905, August 2000.
- "AAA Authorization Framework," J. Vollbrecht, P. Calhoun,
S. Farrell, L. Gommans, G. Gross, B. de Bruijn, C. de Laat, M. Holdrege, D.
Spence, Internet RFC 2904, August 2000.
- "Internet X.509 Public Key Infrastructure Certificate Management
Protocols," C. Adams, S. Farrell, Internet RFC 2510, March 1999.
- "System and Method for gaining access to information in a distributed
computer system", Farrell et al, WIPO patent filing: WO 98/39889, March
- "DEDICA EDI Security Function API specification", Farrell, 1997 (http://www.ejeisa.com/nectar/dedica/5.1/)
A note on RFCs as publications: Since I currently work in an academic
institution, people care a lot about peer reviewed publications, but generally
seem not to properly credit documents in the RFC series, so, with the aim of
helping to redress this imbalance, here's a bit of history
about one of the above RFCs. RFC
3281 is a standards-track
document, published in April 2002 based on the of the corresponding Internet Draft. The first
version was published in April 1999 and during that three year period
members of the IETF PKIX working
group (with O(100) active participants) publicly commented on the draft many
times, for example, the list
archive shows 281 messages referring to this draft
involving about a dozen different individuals.
Over the entire period, perhaps O(100) independent comments were disposed of.
In April 2017 Google scholar currently returned some 702
citations for this RFC. (The content returned there changes over time
but overall it seems consistent.)
The conclusion? Many, though not all, of the documents in the RFC
series are important, high-quality publications that have undergone as thorough
a review as a journal article and the fact that almost all aspects of that
review are publicly archived gives the reader the chance to gain a much more
fully-rounded understanding of the technology and its development.