The Author

I am a Security Engineer at Mozilla. I also designed the infrastructure for Let's Encrypt and currently serve on its Technical Advisory Board. Formerly, I was co-founder and Chief Technology Architect of SAIFE, Inc., and the designer of SAIFE's hybrid public key infrastructure.

I'm a co-author of the W3C Web Authentication specification, as part of my goal of replacing passwords everywhere I can.

I'm also an active private pilot and occasionally post about aviation topics under the heading aviation.


You can occasionally hear me talk about topics. See my Speaking Engagements list for upcoming and past events.

The Domain

The term "tactical secret" means a piece of valuable information - a secret - that is only truly valuable for a short period of time, such as a command to open your garage door, or even a credit card transaction. Contrast that with a "strategic secret", like the trick to making a superweapon; those require protection for practically forever.

I bought years ago referring to the concept that most of what we care to protect are tactical secrets, and you can design your information security around lesser risk. Less than state strategic secrets, anyway.

The Site

This site is run on Ghost, a Node.js CMS, and the theme is based on minighost from thyu.

The certificate is from Let's Encrypt.

The site forces you to use HTTPS for communication using HTTP Strict Transport Security; you can test its security using Qualys' Labs testing tool at