Become a sponsor toDaniel McCarney
About
🌐 ✨ I'm a long time free software developer with a keen interest in applied cryptography work that has an internet-wide impact. Your support helps me prioritize producing open source software for the common good instead of private code locked up with a specific employer.
🔒 📈 In the past I was deeply involved withLet's Encrypt where I helped create anIETF proposed standard for ACME, worked on thecore CA software (and it'slittle brother), and collaborated with academia oncounter-measures against BGP hijacking. Let's Encrypt serves over 500 million domains, issues over 5 million certificates a day, and was a recipient of theLevchin Prize for Real World Cryptography.
🦀 🐎 Lately my attention has been directed towards moving the needle onmemory safety initiatives. For the past two years I've been contributing to theRustls ecosystem, helping provide a performant, memory safe, and modern TLS stack. Outside of typical maintenance work and bug fixes I've contributedencrypted client hello (ECH) support, revocation checking forwebpki and done substantial work on thenative C bindings for rustls used by projects likecurl and Apachemod_tls. Rustlsout-performs OpenSSL, offers important new features likepost-quantum hybrid key exchange, and is an important foundational crate for a memory safe future.
📜 ☑️ The Go programming language is another powerful ally of mine in the quest to displace entire vulnerability classes in the software we rely on. I contribute in the maintenance and development of the Gostandard library cryptography packages and have been helping work towards aFIPS-140-3 certification. Some of the most important software is subject to FIPS-140 requirements and should also be able to benefit from safe and modern cryptography!
Projects
I help maintain:
- rustls - a pure-Rust implementation of the TLS protocol
- rustls-ffi - FFI bindings to use Rustls from C or other languages.
- rcgen - utilities for generating test certificates and keys.
- webpki - a pure-Rust certificate validation library tailored to the web PKI.
- webpki-roots - a static trust anchor bundle backed by CCADB/Mozilla's root program.
- rustls-platform-verifier andrustls-native-certs - libraries to expose the native platform verifier, or system trust anchor stores to Rustls.
- a variety of other Rustls ecosystem crates likepki-types,tokio-rustls,hyper-rustls, andrustls-openssl-compat
- x509-parser - a pure Rust X.509 parser crate.
- ccadb-utils - helpers for fetching CCADB data, CRL datasets, etc.
I contribute, or have previously contributed, to projects like:
Reaffirm the importance of sustainable open source maintenance and development. Help support my full-time dedication to contributing to a better, more secure future for our critical software.