Become a sponsor to Daniel McCarney
About
I'm a longtime free software developer with a keen interest in applied cryptography work that has an internet-wide impact. Your support helps me prioritize producing open source software for the common good instead of private code locked up with a specific employer.
In the past I was deeply involved with Let's Encrypt, where I helped create an IETF proposed standard for ACME, worked on the core CA software (and its little brother), and collaborated with academia on counter-measures against BGP hijacking. Let's Encrypt serves over 500 million domains, issues over 5 million certificates a day, and was a recipient of the Levchin Prize for Real World Cryptography.
Lately my attention has been directed towards moving the needle on memory safety initiatives. For the past two years I've been contributing to the Rustls ecosystem, helping provide a performant, memory safe, and modern TLS stack. Outside of typical maintenance work and bug fixes, I've contributed encrypted client hello (ECH) support, revocation checking for webpki, and done substantial work on the native C bindings for rustls used by projects like curl and Apache mod_tls. Rustls out-performs OpenSSL, offers important new features like post-quantum hybrid key exchange, and is an important foundational crate for a memory safe future.
The Go programming language is another powerful ally of mine in the quest to displace entire vulnerability classes in the software we rely on. I contribute to the maintenance and development of the Go standard library cryptography packages and have been helping work towards a FIPS-140-3 certification. Some of the most important software is subject to FIPS-140 requirements and should also be able to benefit from safe and modern cryptography!
Projects
I help maintain:
- rustls - a pure-Rust implementation of the TLS protocol
- rustls-ffi - FFI bindings to use Rustls from C or other languages.
- rcgen - utilities for generating test certificates and keys.
- webpki - a pure-Rust certificate validation library tailored to the web PKI.
- webpki-roots - a static trust anchor bundle backed by CCADB/Mozilla's root program.
- rustls-platform-verifier and rustls-native-certs - libraries to expose the native platform verifier, or system trust anchor stores to Rustls.
- a variety of other Rustls ecosystem crates like pki-types, tokio-rustls, hyper-rustls, and rustls-openssl-compat
- x509-parser - a pure Rust X.509 parser crate.
- ccadb-utils - helpers for fetching CCADB data, CRL datasets, etc.
I contribute, or have previously contributed, to projects like: