Stuff about me

Name: Stephen Farrell

Phone: gsm (preferred): +353-87-854-0597, office (hah!, as if;-): +353-1-896-2354


Home Page:

Current Employment (Previous); Teaching; Publications;

Picture of me - don't worry, you're not missing much!

Text last updated: 2021-07-23, if you don't like that photo: younger me


Working in IT security since 1986, I have accumulated a very broad range of engineering experience and expertise in many areas of computer security, primarily those involving the use of cryptography. Since 1995 I have been involved in a range of IT security standardization activities, which has given me the opportunity to work alongside some of the most well-known experts in the field. As well as authoring various standards documents, I'm currently a co-chair of the Internet engineering task force (IETF) homenet, OpenPGP and LAKE working groups. In the past I co-chaired the IETF's (sacred) working group and one working on an anti-spam technology called domain keys identified mail (dkim). I also co-chaired a world-wide web consortium (W3C) working group on XML key management (xkms), and was once an invited expert participating in the W3C web security context working group (wsc), which was basically a group of security and browser folks who were trying to improve on the current "padlock" security indicator in browsers.

Between 2011 and April 2017 I was one of two IETF security area directors, and hence was a member of the Internet Engineering Steering Group, which is the technical management committee of the IETF. That meant I needed to read, and (sort-of) "vote" on all new IETF RFCs for those six years . In one week (2011-05-26 telechat), that meant reading and commenting on 623 pages of Internet-drafts, but that was a bad week - the average was 350 pages every two weeks. So I learned (for me) a huge amount from that. Between March 2019 and March 2021, I was a member of the Internet Architecture Board that aims to "provide long-range technical direction for Internet development" but which also does a bunch of bureaucracy as part of the IETF, handling various appeals and appointments. I'm currently an "at-large" member of the Internet Research Steering Group (IRSG) which does a somewhat similar job for the far fewer documents produced by Internet research task force (IRTF) research groups.

Areas of security I've mostly worked on include Public Key Infrastructure (PKI), authorization and security for web services. In terms of my current approach to that kind of work, I would generally like to see better deployment of security technology, even if that appears to come at the expense of "purity." That represents a bit of a change from the approach we all had when we first started working on PKI.

Until I started doing more security again recently, I was really more interested in networking and, in particular, highly-challenged networks (e.g. networking in deep-space as envisaged by the group working on the InterPlaNet). That work is mainly done in the context of an IRTF group on delay tolerant networking (DTN) where I also help out as co-chair. In 2006, I co-authored what we believe is the first book about delay and disruption tolerant networking. But I don't just do DTN bureaucracy - I'm also quite involved in most of the security work being done in that context as well as in the definition of a long-haul delay tolerant protocol called LTP (RFC 5326) that was used (by NASA, not me) to talk to a spacecraft 25 million km away! In that context, what's most interesting to me is how DTN concepts (and maybe even concrete protocols) might form a part of the future Internet architecture, especially for its more challenged nodes (which I reckon will always exist).

In day-to-day terms, other than teaching a bit, I'm currently more-or-less involved with the following projects:

My most recent EU-funded work was on a supporting action called STREWS where we tried (and I think partly succeeded) to bridge between security researchers and those involved in W3C and IETF standardisation. STREWS sponsored and arranged (and I chaired) the 2014 Joint IAB/W3C workshop on Strengthening the Internet against Pervasive Monitoring (STRINT). In a similar vein, I instigated and helped setup a workshop at NDSS in 2016 to check if TLS1.3 was Ready or Not?. Most recently, I helped organise an IAB workshop on the impact (so far) of the COVID pandemic on the deployed Internet.

Pervasive Monitoring (PM) is something that took up a lot of my time as IETF security area director after we started getting a better picture of exactly how much some government actors are snooping on the Internet. That however re-invigorated a lot of Internet security folks with the result that a lot of good progress was made on Internet security since 2013. I helped to lead some of that within the IETF where I was the main author for RFC 7258 titled "Pervasive Monitoring is an Attack" and which set the scene (well, I think it did:-) for a number of other security activities for example, the IAB statement saying encrypt it all, the DNS Privacy working group, the TCP increase security and RFC 7435 on opportunistic security and on confdientiality for MPLS. And lots more too. I think it's fair to say that the STRINT workshop and working to get IETF consensus on RFC 7258 were both significant enough contributions to all that happening.

In terms of other/older projects, the most fun one was an EU funded DTN project on reindeer tracking and communications services for the reindeer herders - that was called N4C (Networking for Communications Challenged Communities) and started in May 2008 for 3 years. We've published the full results of our N4C trials in the arctic, including all the code, logs etc. and there's an informal blog-like description of our 2010 trial here.

In August 2010, we started a related project on Information Centric Networking, (in our case based on DTN) - that's being done as part of a very large EU funded project (an "IP") call SAIL where TCD worked on the so-called Network of Information (NetInf, in our case a DTN-based ICN just to talk acronym-babble for a moment:-). SAIL was my main day-to-day project in TCD until about the end of 2012. I also did a little work on yet another EU funded project on medical informatics, in that case providing a security model and a content security API - that's the TRANSFoRm project, but our involvement is quite small there, at least in terms of effort.

Also in 2010, with a couple of partners, I also started up a campus company, Tolerant Networks Ltd. to do non-research DTN projects. As Tolerant Networks, we're worked with a UK company called SciSys as a subcontractor on a European Space Agency (ESA) funded study about the use of DTN protocols in space. And we subsequently carried out another DTN study for ESA on potential uses of DTN for (Earth orbiting) satellite. (MUDSAT)

Before all of those I worked on an Enterprise-Ireland funded (2005 technology development fund) project on sensor networking with delay tolerance (SeNDT - intended to sound like "scent"), focused mainly on piloting some DTN based technology we had developed for environmental monitoring, in particular, lake water quality monitoring, but using delay tolerant protocols.

I'm also on the editorial board of IEEE Internet Computing magazine. And I'm a Senior Technical Advisor to the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG).

From July 2007 until April 2010 I was part-time chief technologist with NewBay software, an excellent company that provided user generated content management software and services for mobile network operators. (Later acquired.) That was a kind of Web 2.0 meets the bell-heads gig, which was interesting, especially when the applications were offered to such large sets of users (in the millions).


Current Employment

Dates Organisation Position
May 2002-Date Trinity College Dublin
Research fellow, Part-time lecturer


In 2019 I initiated a new Trinity elective module: What is the Internet doing to me? (TEU00311). That accepts students from all over college (so not just engineering/CompSCI) and aims to better prepare students in how they deal with the Internet. That ran for it's second time during the 2020 pandemic, which was timely I guess;-)

I teach a course on computer security and privacy (CS7NS5 aka CSU44032) as part of the Masters in Computer Science and also other programmes and have supervised a number of NDS MSc dissertations (~10 to date), and a PhD (Alex McMahon) and MSc by Research (Aidan Lynch). Course materials are at I've also taught other courses at various times (see here).

Past exam questions (with marking schemes/answer outlines) for my courses can be found at:

Dates Company Position
2007-2010 NewBay Software
Chief Technologist
1999-2003 Baltimore Technologies
Website seems to be defunct!
Chief Security Architect
Director of Research
Senior Research Associate

With NewBay I contributed to product architecture and creating product, services and operational security processes. I also established NewBay's internal patent scheme and filed a number of patent applications on NewBay's behalf. (See USPTO applications 20110004924 and 20100064377 if you care;-)

I began with Baltimore as Chief Security Architect, reporting to the Director of Research (a position I assumed in Spring 2000 until transitioning to part-time in May 2002 as Senior Research Associate, I only finally quit in June 2003). With Baltimore my main responsibilities included:

Baltimore are no longer in the technology buisness, though the company still seems to exist (sort-of). There's a wiki page about it (usual caveats!)

Earlier Employments

Dates Company Position
1992-1999 Software and Systems Engineering Ltd. (SSE), a Siemens company. (Defunct DNS name! Subsequently, SSE were subsumed into now also a defunct DNS name!)
Developer, then security architect for a range of security products. Occasional tasks included: Siemens-internal security consulting; Bid consultant; External consulting; Some standardization work
1991-1992 Silicon and Software Systems Ltd. (S3)
Project leader developing GSM test software (embedded systems) for Philips
1989-1991 Intrepid Ltd. Main security developer of telephone security product in startup company (Milcode: a CELP voice coder, encryption)
1986-1989 C.O.P.S. (Europe) Ltd. (partly re-formed as Realace Ltd following 1988 liquidation) Researcher, then project leader on EU funded R&D projects in security (ESPRIT MARS) and formal methods (ESPRIT METEOR).




Covid-19 Contact Tracing Apps:

Doug Leith and myself have some internal TCD funding for our work on contact tracing apps and have setup a small project website to try to start gathering results together in one place.















Book cover (not that nice;-)

"Delay and Disruption Tolerant Networking," Stephen Farrell and Vinny Cahill, ISBN 1-59693-063-2, Artech House, 2006.

There's a selection of book sellers here and another here. The publisher's page is here.











Internet RFCs

A note on RFCs as publications: Since I currently work in an academic institution, people care a lot about peer reviewed publications, but generally seem not to properly credit documents in the RFC series, so, with the aim of helping to redress this imbalance, here's a bit of history about one of the above RFCs. RFC 3281 is a standards-track document, published in April 2002 based on the of the corresponding Interrnet Draft. The first version was published in April 1999 and during that three year period members of the IETF PKIX working group (with O(100) active pacticipants) publicly commented on the draft many times, for example, the list archive shows 281 messages referring to this draft involving about a dozen different individuals. Over the entire period, perhaps O(100) independent comments were disposed of. In April 2017 Google scholar currently returned some 702 citations for this RFC. (The content returned there changes over time but overall it seems consistent.) The conclusion? Many, though not all, of the documents in the RFC series are important, high-quality publications that have undergone as thorough a review as a journal article and the fact that almost all aspects of that review are publicly archived gives the reader the chance to gain a much more fully-rounded understanding of the technology and its development.