About
Experienced security and middleware architect and researcher with a particular focus on…
Activity
-
I am extremely happy to report that Google partnered with Fastly to use our OHTTP services. The latest use-case is to preserve the privacy of Chrome…
Liked by Melinda Shore
-
The IETF has named the second woman to serve as an #IETF Security Area Director starting in March 2024. A big congratulations to Deb Cooley, helping…
Liked by Melinda Shore
-
It was an honor to be part of the Program Committee and serve as the PC chair.
Liked by Melinda Shore
Experience
-
Retired
Education
Licenses & Certifications
-
CISSP
(ISC)2
Credential ID 357437
Publications
-
A DANE Record and DNSSEC Authentication Chain Extension for TLS
Internet draft
This draft describes a new TLS extension for transport of a DNS
record set serialized with the DNSSEC signatures needed to
authenticate that record set. The intent of this proposal is to
allow TLS clients to perform DANE authentication of a TLS server
certificate without needing to perform additional DNS record
lookups. It will typically not be used for general DNSSEC
validation of TLS endpoint names.
-
RFC 7279: An Acceptable Use Policy for New ICMP Types and Codes
IETF (Best Current Practice)
In this document we provide a basic description of ICMP's role in the IP stack and some guidelines for future use.
This document is motivated by concerns about lack of clarity concerning when to add new Internet Control Message Protocol (ICMP) types and/or codes. These concerns have highlighted a need to describe policies for when adding new features to ICMP is desirable and when it is not.
-
GPS Trackers
Mushing Magazine
-
Network-Layer Signaling: Transport Layer
Internet draft
-
An EME Signaling Protocol Design
Internet draft
-
A STUN-Based Signaling Framework
Internet draft
-
Architecture for Reliable Server Pooling
Internet draft
-
Establishing Reachability Behind NATs
Internet draft
-
Talking to Stuff in the Network: Midcom Communication Models
Internet draft
-
Communicating with Transport Intermediaries: Discussion and Framework
Internet draft
-
The NSIS Transport Layer Protocol (NTLP)
Internet draft
-
The TIST (Topology-Insensitive Service Traversal) Protocol
Internet draft
-
Middlebox Communications (midcom) Protocol Requirements, RFC 3304
IETF
-
Towards a Network Friendlier Midcom
Internet draft
-
Requirements for Reliable Server Pooling, RFC 3237
IETF
-
Application Considerations for Midcom Middleboxes
Internet drafts
-
H.323 and Firewalls: Problem Statement and Solution Framework
Internet draft
-
IP Telephony: Architectures and Protocol
Usenix Conference Invited Speakers Track
-
Cells In Frames: ATM Over Legacy Networks
IEEE International Conference on ATM
-
Workstation Telephony
Usenix Association WIP Track
-
2.6 MSD Implementation Overview
BSD Workshop, Boulder, CO
-
Release and User Environment Engineering for Mach 2.5
Open Software Foundation Mach Development Workshop
-
Advanced DNS Services for Securing Your Application and Enhancing User Privacy
PyCon 2016
This talk introduces new features that have been added to the Domain Name System recently, and how to use those features to improve application security and user privacy. I also introduce the "getdns" Python library, which provides a simplified DNS API, and how to interface with popular crypto libraries.
-
Requirements of the Cornell Theory Center for Resource Management and Process Scheduling
IPPS Workshop on Job Scheduling Strategies for Parallel Processing
Patents
-
Address tagging for network address translation (NAT) traversal
Issued US 7,680,104
Disclosed are methods and apparatus for generating, as well as processing, data that is traversing (or will be traversing) a translation device, such as a Network Address Translation (NAT) device. In one embodiment, a method of sending data from a first node to a second node is disclosed. The method includes sending a data packet having a header and a payload whereby the header includes (i) one or more fields which identify an application type that uses addresses and indicates that there is a tag present in the payload that serves as a substitute for an address and (ii) an address and whereby the payload includes a tag that is positioned so that it serves as a substitution for an address that is used by the identified application. The one or more fields are associated with the address of the header.
-
Mechanisms for detection of non-supporting NAT traversal boxes in the path
Issued US 7,443,849
Disclosed are methods and apparatus for facilitating translation of packet addresses (or ports) by one or more translation devices (e.g., Network Address Translation or NAT devices) using a specialized protocol to handle an address (or port) that is used to form part of a payload. In one implementation, this specialized protocol is referred to as Network Layer Signaling (NLS). As a packet traverses along a path containing one or more translation devices, each translation device is configured to translate an address (or port) of such packet's IP header if the packet is traversing between different domains (e.g., traversing between a private and public domain or between two different private domains). One or more of these translation devices may also be configured to implement the specialized protocol which includes translation device traversal mechanisms for detecting whether the traversal path contains a translation device that fails to implement such specialized protocol. When such a failure is detected, recovery mechanisms are also triggered.
-
Cryptographic peer discovery, authentication, and authorization for on-path signaling
Issued US 7,350,227
A method is disclosed for cryptographic peer discovery, authentication, and authorization. According to one embodiment, a data packet, which is addressed to a destination device other than an intermediary network device, is intercepted at the intermediary network device. The data packet contains a request and a group identifier. A shared secret cryptographic key, which is mapped to the group identifier, is selected. A challenge is sent toward an upstream device from whence the data packet came. A response is received. A verification value is generated based on the cryptographic key and the challenge. It is determined whether the response matches the verification value. If the response matches the verification value, then it is determined whether the request is allowed by an authorization set that is mapped to the group identifier. If the request is allowed, then a policy of the intermediary network device is configured based on the request.
More activity by Melinda
-
It was a genuine privilege to spend the last 10 years at Cisco helping to make the Internet work better. I'm so thankful for the incredible…
Liked by Melinda Shore
-
Open-source code implementing interoperable standards reduces risk and is the best defense against vendor lock-in. Support vendors that support…
Liked by Melinda Shore
-
Humbled yet excited to see my name listed as co-author alongside the legendary Peter Gutmann on RFC 9500. Need a throwaway key where it doesn’t…
Liked by Melinda Shore
-
It took me more than 20 years of working in this field, but after nearly a decade of cooking this draft, and thanks to great collaborators like…
Liked by Melinda Shore
-
Some news. I’m taking my lifelong mission of taco and sushi consumption across the pond to London to be the next CFO at Chelsea FC. I’ll be…
Liked by Melinda Shore
-
I'm so glad that Chabad Menorah will be lit in London as planned on Dec 12. News that the Havering Council cancelled this year's Hanukkah celebration…
Liked by Melinda Shore