I started working on the Web in 1992. Like most of the core Web developers, I worked on all aspects of the Web at first: HTTP, HTML and URIs. During that time I wrote what is now recognized as the first WebMail system as one of the tests of the protocol. I also invented the 'Referer' field.
As the needs of the Web grew, Tim Berners-Lee asked me to focus on security, in particular how should the Web use cryptography and Public Key Infrastructure? This led me to work on payments systems.
Most people think that Internet security is all about computers but it is actually all about people. People ask me if the Internet is safe. Of course it is safe, the Internet is an inanimate object, it is perfectly safe. It is the people using the Internet and their bank accounts that are at risk.
Computers don't commit crimes, people commit crimes using computers. Security is the most interesting part of the Internet because it is the part that is all about people.
Over the years our understanding of Internet security has changed markedly. When I first started on Web Security it was widely considered improper to suggest that hackers might be malicious. Realization gradually dawned as email inboxes became choked with spam trying to get credit card numbers or asking for help moving large sums of money out of Nigeria: If you connect to a computer network with three billion users, some of those people are going to be rather nasty.
My current research focus is PRISM-Proof Email, an attempt to make using end-to-end encrypted email as easy to use as regular email.
The Internet has now been a work in progress for over 40 years. A lot of things have changed over that time, including the ways that we describe large computer systems.
As a result, a lot of the early Internet Architecture documents have become misleading at best to the majority of Internet developers who have no memory of the days when computers cost upwards of a quarter million dollars and filled a room.
Much of my work as an 'Internet expert' is essentially explaining the technology and how practice differs from both appearance and theory. Since I don't have time to keep giving these explanations piecemeal, I have started collecting them together in a Web site for 'self-service' access.
Like most programmers, I have built up a personal library of tools that I use to perform repetitive tasks. Most of these tools are published as open source projects.
Many of my tools are built using Goedel, a tool building tool.