Mark Nottingham
mnot@mnot.net
https://www.mnot.net/
linkedin profile
open source contributions
Summary
I’m honoured and humbled to have contributed to the development and maintenance of the Internet and Web for more than 20 years. As part of that, I have written, edited or substantially contributed to more than thirty IETF RFCs and W3C Recommendations about topics like HTTP, caching, linking, Web architecture, privacy and security.
I’m driven by a desire to understand the role of technical standards in Internet governance, so that they can effectively contribute to human welfare.
Selected Activities and Affiliations
- Affiliate, Australian Institute of Company Directors (2023-)
- Chair, IETF QUIC Working Group (2016-2020)
- Program Committee Lead, HTTP Workshop (2015-)
- Co-organiser, Showing of CITIZENFOUR to IETF participants, with video appearance by Edward Snowden (2015)
- Presenter, Strengthening the Internet Against Pervasive Monitoring (STRINT) Workshop (2014)
- Chair, IETF HTTP Working Group (2007-)
- IETF Liaison to the W3C (2006-2020)
- Chair, W3C Web Services Addressing Working Group (2004-2006)
- Chair, IETF Web Intermediaries Working Group (2001-2002)
- Representative, W3C Advisory Committee (2000-2002, 2010-2011, 2013-)
Selected Publications
Requests for Comments
See also my IETF profile for additional RFCs and drafts in progress.
- Author, RFC 9518: Centralization, Decentralization, and Internet Standards
- Author, RFC 9457: Problem Details for HTTP APIs
- Editor, RFC 9110: HTTP Semantics
- Editor, RFC 9111: HTTP Caching
- Editor, RFC 9112: HTTP/1.1
- Author, RFC 8890: The Internet is for End Users
- Author, RFC 8615: Defining Well-Known URIs
- Author, RFC 8288: Web Linking
- Author, RFC 7838: Alternative Services for HTTP
- Author, RFC 7320: URI Design and Ownership
- Author, RFC 6585: Additional HTTP Status Codes
- Author, RFC 6570: URI Template
- Author, RFC 5861: HTTP Cache-Control Extensions for Stale Content
- Editor, RFC 4287: The Atom Syndication Format
IAB Statements
- Editor, Avoiding Unintended Harm to Internet Infrastructure
- Editor, Comments on the Australian Assistance and Access Bill 2018
W3C TAG Findings
- Editor, Securing the Web
- Editor, Unsanctioned Web Tracking
Commentary, Interviews and Press Mentions
See also mnot’s blog.
- Moving Control to the Endpoints: Motivations, Challenges, and the Path Forward (APNIC Blog, 2019)
- Australia’s Snooper’s Charter: Experts React, and it ain’t pretty (The Register, 2018)
- How to Read an RFC (IETF Blog, 2018)
- Internet Protocols are Changing (APNIC Blog, 2017)
- Snowden Meets the Internet Engineering Task Force (IETF Journal, 2015)
- Websites Can Probably Guess Your Identity with Three Basic Data Points (The Observer, 2015)
- Error 451 is the new HTTP code for online censorship (Wired UK, 2015)
Experience
UK Competition and Markets Authority
Digital Expert (Contractor) (2/2023–)
I was appointed as a “leader from […] industry brought in to advise the CMA as it prepares for new powers to oversee digital markets.”
World Wide Web Consortium
Secretary (1/2023–)
I serve as Secretary of the Corporation. Beyond managing the corporate records, I interface with legal counsel for the Board, assure that Directors are aware of and meeting their duties, helped to establish a Board culture focused on risk and strategy, and have arranged training for the Board.
Director (10/2022–)
I was elected by the membership to serve on the first Board of Directors for W3C Inc., which saw the organisation transition from a multi-institution agreement to a single legal entity.
As chair of the Governance committee, I drove negotiation of key partner contracts and core Board policies.
As a member of the Personnel committee, I helped to select our new CEO.
As chair of the Board Development committee, I coordinate onboarding of new Directors, efforts to improve and track Board diversity and skills, and instituted Board training.
Cloudflare
Standards Lead (6/2022–)
I am responsible for coordinating and supporting technical standards efforts across the company, and serve as an internal expert on HTTP and related protocols.
I also represent Cloudflare as a W3C Advisory Committee member, and was nominated by Cloudflare to serve on the W3C Board of Directors.
Fastly
Senior Principal Engineer, Office of the CTO (8/2017–5/2022)
I was responsible for development and execution of external collaboration strategy, encompassing technical standards, open source, and industry research.
My achievements at Fastly include improving Content Delivery Network interoperability and shared functionality through the standardisation of common functions; assisting the Web’s transition to HTTP/3, and contributions to the continued viability of standards organisations as venues for the public good.
I also assisted product definition by providing domain expertise in HTTP and other protocols.
Internet Architecture Board
Member (2017-2021)
I was selected by community representatives (the NOMCOM) to serve on this body which “provides long-range technical direction for Internet development, ensuring the Internet continues to grow and evolve as a platform for global communication and innovation.”
Much of my work on the IAB was administrative, including nominating and confirming various appointees and running the liaison program. I also did technical work there, including:
- Authoring and publishing RFC 8890: The Internet is for End Users
- Arranging and holding the ESCAPE Workshop to examine the potential impact of work associated with Google AMP on the Web publishing ecosystem
- Helping to draft various IAB statements, including comments on the Australian Assistance and Access Bill 2018
Mozilla Corporation
Independent Contractor (5/2017–8/2017)
The Firefox CTO asked me to define a targeted standardisation strategy and improve standards coordination and communication in a time-limited project.
This work resulted in the launch of the Mozilla Specification Positions repository, which documents the company’s stance on standards proposals, both improving internal coordination and improving external communication.
Akamai Technologies
Principal Architect, Web Division (9/2012–4/2017)
My major focus was on leading the HTTP Working Group in shipping HTTP/2.
Additionally, I was responsible for defining and leading Akamai’s standards participation strategy, primarily in the IETF and W3C. I served as an in-house expert on HTTP and the Web and helped to grow Akamai’s IETF participation from one regular attendee to over ten.
W3C Technical Architecture Group
Member (2014-2017)
I was elected by the W3C membership to “document the architecture of the World Wide Web and assist the community in interpreting it.” Included working with various stakeholders to assure architectural alignment, reviewing specifications, and documenting architectural positions and findings, such as that on Unsanctioned Web Tracking.
Rackspace
Systems Architect, Subject Matter Expert (8/2011–8/2012)
Rackspace was investing heavily in OpenStack, and at the time it appeared that there might be need (or an opportunity) for standards work in the cloud infrastructure space. I was hired to define and execute that strategy, but it became clear in time that the primary mechanism for the company was Open Source.
Yahoo!
Senior Principal Technical Yahoo! (1/2006–8/2011)
I defined internal standards for HTTP APIs for Yahoo!’s Media group (approximately 20 sites, including finance, movies and news). This work subsequently served as the basis for Yahoo!-wide standards for HTTP. I also served as a subject-matter expert on HTTP, assisting product groups in architecting, supporting and implementing services, evangelising its use both inside and outside of Yahoo!.
A major part of my responsibilities was developing, maintaining and supporting Yahoo’s internal build of the Squid Web Cache, including feature development, such as two new invalidation protocols and stale-while-revalidate. This software was used both for the front end (e.g., Flickr, 1.8 billion+ hits/day) and back end (e.g., Sports, News, Mail, Frontpage) by more than 35 internal customers. I also assisted with road-mapping features for the newly open- sourced Apache Traffic Server.
Additionally, I helped manage the company’s overall standards participation and strategy, representing it in the W3C Advisory Committee and elsewhere.
Web Services Interoperability Organization
Director (2002-2006)
I served on the Board of Directors of this industry consortium that focused on improving the interoperability of Web Services.
BEA Systems
Senior Principal Technologist, Office of the CTO (5/2002–1/2006)
I provided leadership in standards participation and input on the company’s overall technology strategy through development of Web services specifications, representation of the company to the industry (through conference presentations and standards committees), and by liaising with partners, customers and internal resources.
Akamai Technologies
Research Scientist, Standards and Protocols (9/1999–3/2002)
I was the company’s resident expert in HTTP, XML, Web services and other Web technologies.
A primary deliverable was the design of Akamai’s “metadata” system (also known as “ARLv3”), allowing control of distributed server behaviour through a configuration file as well as request and response attributes.
I participated in development of and edited the specification for Edge Side Includes - an early attempt at edge computing that is still in wide use today. I also participated in the W3C Platform for Privacy Preferences (P3P) Working Group to represent Akamai’s interests and assure that the outcome would not cause issues for our products.
Merrill Lynch
Internet Project Manager (7/1998–9/1999)
I championed, designed and oversaw implementation of a worldwide enterprise content delivery network, wrote policy directives for architecture and deployment of caching Web proxies, and proactively diagnosed and remedied performance issues with internal Web-based research delivery system.
I was also responsible for Web development and support within the Australiasian region, working with management to develop a Intranet and Internet business plan. This included deploying and maintaining enterprise firewall systems for Internet and extranet access.
connect.com.au
Web Engineer (7/1996–3/1997)
Served as the Webmaster for this ISP, responsible for design of corporate identity, packaging, sales and support materials in addition to Web design. Also assisted in deployment of a large-scale Squid proxy cache cluster, and led a team to ship an Internet dialup client on CD-ROM.
La Trobe University, IT Services
Webmaster (12/1995–7/1996)
Oversaw of the University’s Web presence, including building and maintaining University Web servers and Harvest caching proxies, developing University-wide policies for Internet use in consultation with legal counsel, and designing the University Web site (which won Best Tertiary Education Site at the 1996 Australian Internet Awards).
Also planned and trained University staff on using the Internet and publishing on the Web.
Education
Australian Institute of Corporate Directors
Foundations of Directorship (11/2023)
Professional development for governance, finance, strategy and risk.
Melbourne Law School
Graduate Diploma in Communications Law (2/2020–12/2022)
Around 2015 my standards work raised some difficult questions about legitimacy and governance, and I wanted to have a better grounding for these considerations. At the same time, it was becoming apparent that governance is increasingly going to be imposed on the Internet from new sources — including legal ones.
So, I applied to this program, which is made up of Masters-level courses for practicing lawyers. I don’t have a JD, but was able to keep up and in the process probably had more fun that I had in about a decade.
My studies included Privacy Law, Competition in Digital Markets, Digital Trade, and Regulatory Policy and Practice. All were illuminating and enjoyable, but Competition and Regulation were the closest to home, and most applicable.
Towson State University
BA, Interdisciplinary Studies (9/1989–5/1994)
I wanted to be a photojournalist, so I composed a self-designed program in fine art photography, journalism, physics of light, philosophy of aesthetics, and anything else conceivably linked to photography.
However, before I finished my degree a friend in a similar program had a Bad Experience (in a war zone), and never picked up a camera again. This made me think hard about my future, and I quickly realized I didn’t want to go down that path.
Given the subsequent devaluation of professional photography, it was a good choice.
Legal Status
I am a citizen of both the United States and Australia, who is resident in Australia.