Why RFC Compliance Is Not an Implementation Strategy
A Caddy case study on why RFC compliance alone does not settle implementation strategy.
Read articleZen Dodd
FOSS Maintainer, security researcher and infrastructure-focused engineer
About
I work on security, infrastructure and systems where behaviour, boundaries and operational reality matter more than slogans. My public work sits across Caddy maintainership, technical writing grounded in real implementation work and the development of Surveyor, a post-quantum readiness and cryptographic inventory tool. I use this site to keep a durable public record of the work that is actually worth showing: articles, notes, proof-of-concepts and contributions to real software. It is not meant to be exhaustive, only useful.
Start here
If you only read one thing, start here
Policy submissions
Formal submissions and public-interest documents on privacy, security, governance and digital infrastructure.
Read policy workSelected work
Recent public work
Make stream copy buffer size configurable
Adds control over upgraded bidirectional stream buffering, aimed at real deployment behaviour rather than abstract tuning.
Skip query rename when the source key is absent
Fixes uri query rename handling so an absent source key does not clobber an already-correct destination key.
Avoid default issuers for implicit Tailscale policies
Prevents implicit *.ts.net policies from falling back to default ACME issuance when that behaviour is incorrect.