I am a software developer based in Helsinki, Finland. I work for Mozilla. I mainly work on stuff above networking and below layout. Notably I’m the principal author and module owner of Firefox’s HTML parser, character encoding converters, and encoding detectors. As of August 2020, I’m primarily working on focus management in the context of out-of-process iframes. Previously, I developed an HTML5 validator and represented Mozilla on the HTML Working Group of the W3C. (Note that since Open Source work often involves publishing personal opinions about work topics, you should not consider anything on this site as a position of Mozilla even if it carries Mozilla’s copyright notice.)
In 2007, I graduated as Master of Science (Technology) from Helsinki University of Technology, Department of Computer Science and Engineering. I wrote my master’s thesis about HTML5 validation.
My primary email address is email@example.com. Previously, I have used the email address firstname.lastname@example.org, which remains forwarded to email@example.com.
However, I’m constantly near email bankruptcy, so other ways of communication are likely to work better. For questions about Firefox or Gecko, please consider using the dev-platform mailing list. For questions about HTML5 validation or the validator, please consider using the WHATWG help list instead of emailing me directly. For short things, tweeting to @hsivonen on Twitter or finding hsivonen on the #whatwg IRC channel on Freenode works better than email.
Please don’t email me about link exhange proposals or about translations whose main purpose is to get me to link to a particular site. I don’t participate in SEO schemes.
|I am not on Facebook|
I do not use GPG for email. If you send me GPG-encrypted email, it is likely that I end up not reading it.
Starting from the beginning of July 2013, I intend to use the following key for code signing. (The certifacation key is only for key signing. There is a signing subkey for other signatures—particularly code signing.) This key is available (insecurely; you need to check the fingerprint) via DNS PKA (
gpg --auto-key-locate pka).
pub 4096R/A429300434296AC0 2013-07-03 Key fingerprint = 3E95 6FC6 CE0B CAA8 F509 D291 A429 3004 3429 6AC0 uid Henri Sivonen <firstname.lastname@example.org>
Prior to July 2013, I used the following key (the certifacation key itself) for code signing.
pub 1024D/CEE122264BF78053 2008-02-26 Key fingerprint = F48B 82DF CB8E C84C 5418 01FC CEE1 2226 4BF7 8053 uid Henri Sivonen <email@example.com>
For completeness, I have signed transition statement.
Note: Someone other than me uploaded keys with colliding short key IDs with mine (with my name and email address on them; possibly created as part of the Evil32 research, but I did not bother to check) to public key servers. Do not use short key IDs!
For authorizing me for SSH access: SSH public key (GPG signature)