Hi!

I'm @FiloSottile. Same on GitHub.

I work at Cloudflare, on the Cryptography team, where I'm developing the Go TLS stack that powers TLS 1.3.

I joined Cloudflare in September 2013. For the next year I bent DNSSEC until it became something deployable transparently at scale and built the implementation to go with it.

(By the way, the DNSSEC community absolutely loves me.)

Then the DNS team unexpectedly shrunk and I owned the entire Go DNS server, RRDNS, for a year and a half, rebuilding the legacy backend and eventually transitioning it to a real team. Some code is open source.

RRDNS runs more than 40% of the Alexa top 1M.

I started out speed-running the Matasano Cryptopals. I attended what is now called Recurse Center in Fall 2013.

How we might have met

Probably conferences. If you are into security, I spoke for example at:

If you are a Gopher, then you might have seen me speaking at:

And a few others.

I also run Breaking Bad Crypto, a training seminar aimed at practical cryptographic exploitation. It covered hash extension, Vaudenay padding oracles and Bleichenbacher'06 RSA forgeries at the DEF CON 21 and 23 CryptoVillage, 32c3, 31c3 and HITB2015AMS.

What you might have used

I made the popular online Heartbleed test: https://filippo.io/Heartbleed

The Heartbleed test

And one for Superfish/Komodia, and one for LuckyMinus20.

If you ever ran ssh whoami.filippo.io, that was me:

$ ssh whoami.filippo.io

    +---------------------------------------------------------------------+
    |                                                                     |
    |             _o/ Hello Filippo Valsorda!
    |                                                                     |
    |                                                                     |
    |  Did you know that ssh sends all your public keys to any server     |
    |  it tries to authenticate to?                                       |
    |                                                                     |
    |  That's how we know you are @FiloSottile on GitHub!
    |                                                                     |
    |  Ah, maybe what you didn't know is that GitHub publishes all users' |
    |  ssh public keys and Ben (benjojo.co.uk) grabbed them all.          |
    |                                                                     |
    |  That's pretty handy at times :) for example your key is at         |
    |  https://github.com/FiloSottile.keys
    |                                                                     |
    |                                                                     |
    |  P.S. This whole thingy is Open Source! (And written in Go!)        |
    |  https://github.com/FiloSottile/whosthere                           |
    |                                                                     |
    |  -- @FiloSottile (https://twitter.com/FiloSottile)                  |
    |                                                                     |
    +---------------------------------------------------------------------+

I built gvt, the simple Go vendoring tool. I used to maintain youtube-dl. There's the Linux syscall table, too.

What you might have read

And other pieces on this blog or on the Cloudflare one.

There's also an old piece in Phrack 69 Linenoise.