Verisign Labs

Talented, Collaborative and Dedicated

The Verisign Labs team brings a tremendous breadth of expertise and talent.

Danny McPherson

Danny McPherson

Senior Vice President and Chief Security Officer


As senior vice president and chief security officer, Danny McPherson is responsible for all aspects of security at Verisign, which includes corporate strategy, infrastructure evolution and product direction. Additionally, he represents Verisign in key forums focused on critical infrastructure, network evolution, intelligence and availability. With over 20 years of experience in the Internet network operations, security and telecommunications industries, McPherson brings tremendous technical leadership and operational expertise to the company.

Prior to joining Verisign, McPherson was vice president and CSO at Arbor Networks where he helped lead the company's overall strategy and product architecture. He has also held technical leadership positions in architecture, engineering and operations with Amber Networks, Qwest Communications, Genuity, MCI Communications and the U.S. Army Signal Corps.

McPherson has actively participated in Internet operations and standardization since the early 1990s and has served multiple terms on the Internet Architecture Board (IAB) and the Internet Research Steering Group (IRSG), and has chaired an array of Internet Engineering Task Force (IETF) and other working groups and the IETF’s Nominations Committee. He also serves on the ICANN Security and Stability Advisory Committee (SSAC) and the FCC's Communications Security, Reliability, and Interoperability Council (CSRIC), and regularly speaks at network operations and security forums.

Additionally, McPherson is active in the network and security operations and research communities and has authored several books, an array of Internet protocol standards, network and security research papers and other publications related to Internet and critical infrastructure, routing and networking protocols, cyber security, Internet governance, Internet identifiers and network operations.



Practical BGP - Addison Wesley, 2004

Internet Routing Architectures, Second Edition - Cisco Press, 2000

Academic Publications

BGP Route Reflection Revisited, IEEE Communications Magazine, 2012

The Great IPv4 Land Grab; Resource Certification For the IPv4 Grey Market– HotNets‐X ACM Workshop, 2011

Operational Implications of the DNS Control Plane, IEEE Reliability Society Newsletter, 2011

Internet Inter‐Domain Traffic, SIGCOMM, 2010

A Comparative Study of Architectural Impact on BGP Next‐hopDiversity, UCLA CS TR 100031, 2010

Investigating Occurrence of duplicate updates in BGP announcements, Passive and Active Internet Measurement (PAM) Conference, 2010

Towards a Systemic Understanding of Route Reflection – UCLA Technical Report #100006, 2010

Tracking the IPv6 Migration, Arbor Networks Technical Report, 2009

The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets, SRUTI05, 2005

Infrastructure Attack Detection & Mitigation Methodologies, ACM SIGCOMM, 2005

Toward Understanding Distributed Blackhole Placement, WORM04, 2004

Select Industry Publications and Presentations (Trade/Conference Omitted)

2009 Internet Observatory Report, NANOG 47, 2009

BGP Scalability Considerations, NANOG 46, 2009

ISP Route Filtering: Responsibilities and Technical Challenges, NANOG 43, 2008

Deployment Experience with BGP Flow Specification, NANOG 38, 2006

BGP Security Requirements, NANOG 33, 2005

Tracking Global Threats with the Internet Motion Sensor (IMS), NANOG 32, 2004

Customer‐triggered Real‐Time Blackholes, NANOG 30, 2004

Good MEDs Gone Bad!, NANOG 29, 2003

The Intra‐domain BGP Scaling Problem, GROW WG, IETF 73, 2008

Worldwide Infrastructure Security Report Volume I‐V, 2006 ‐ 2010

Sinkhole Networks, CanSecWest, 2004

Protecting the Infrastructure, EuSecWest/CanSecWest 2006

IPv4 Exhaustion::Trading Autonomy For Security, Arbor Blog, 2008

Arbor’s Security Engineering and Response Team (ASERT) Blog

Internet Engineering Publications

Unique Origin Autonomous System Numbers (ASNs) Node for Globally Anycasted Services, RFC 6382, 2011

Defining the Role and Role and Function of IETF Protocol Parameter Registry Operations, RFC 6220, 2011

Dynamic Hostname Exchange Mechanism for OSPF, RFC 5642, 2009

Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding (uRPF), RFC 5635, 2009

Dissemination of Flow Specification Rules, RFC 5575, 2009

Simplified Extension of Link State PDU (LSP) Space for IS‐IS, RFC 5311, 2009

Dynamic Hostname Exchange Mechanism for IS‐IS, RFC 5301, 2008

AS Confederations for BGP, RFC 5065, 2007

BGP MED Considerations, RFC 4451, 2006

PWE3 Control Word for use over an MPLS PSN, RFC 4385, 2006

Experience with the BGP-4 Protocol, RFC 4277, 2006

Requirements for Pseudo-Wire Emulation Edge‐to‐Edge (PWE3), RFC 3916, 2004

Recommendations for Interoperable IP Networks using IS‐‐IS, RFC 3787, 2004

Recommendations for Interoperable Networks

Using IS-IS, RFC 3719, 2004

BGP Persistent Route Oscillation Condition, RFC 3345, 2002

L2TP Differentiated Services Extension, RFC 3308,2002

OSPF Stub Router

VLAN Aggregation for Efficient IP Address Allocation, RFC 3069, 2001

Autonomous System Confederations for BGP, RFC 3065, 2001

Using 31 Bit Prefixes on IPv4 Point-to-Point Links, RFC 3021, 2000

IS-IS Transient Blackhole Avoidance, RFC 3277, 2002

Internet Drafts (work in progress)

Architectural Considerations of IP Anycast – IAB Internet Draft (wip)

Dissemination of Flow Specification Rules for IPv6, Internet Draft (wip)

Source Address Verification Improvements (SAVI) Threat Scope, Internet Draft (wip)

Distribution of Diverse BGP Paths, Internet Draft (wip)

Secure Inter-domain Routing BGPSEC Simple Leak Attack, Internet Draft, (wip)

Architectural Considerations in Smart Object Networking, Internet Draft, (wip)

IRR and Routing Policy Configuration Considerations, Internet Draft, (wip)

Improving DNS Service Availability by Using Long TTL Values, Internet Draft, (wip)

OSPF Stub Router Advertisement (rfc3137bis), Internet Draft, (wip)

Route Leak Attacks Against BGPEC, Internet Draft, (wip)

Trends in Web Applications and the Implications on Standardization, Internet Draft,(wip)