Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard
Edward Lewis <edward.lewis@icann.org> Wed, 15 July 2015 12:42 UTC
From: Edward Lewis <edward.lewis@icann.org>
To: "ietf@ietf.org" <ietf@ietf.org>, IETF-Announce <ietf-announce@ietf.org>
Date: Wed, 15 Jul 2015 12:42:23 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/-V_iscIY_1ZE8UDYfkCFvl1ffjo>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
On 7/14/15, 15:24:

>The IESG has received a request from the Domain Name System Operations WG
>(dnsop) to consider the following document:
>- 'The .onion Special-Use Domain Name'
>  <draft-ietf-dnsop-onion-tld-00.txt> as Proposed Standard

Having read the document plus Ted Hardie's and David Conrad's (who happens to be my boss in real life) comments, I see the documentation as insufficient. As David says, .onion-names use is independent (to some extent) of whether "onion" is registered in the Special Use Domain Names registry. What I am writing here isn't a statement about whether "onion" is to be registered, but about the document applying for registration.

The document defines the use of the name by referring to a couple of references, none of which appears to be published in a way that can be referenced except by URL. Not to say that the documents seen are poorly written, still there's no evidence of peer review nor stable reference point. (One reference is a well prepared PDF, loaded on Jan 23, 2013 with many other documents to a website that itself has this blurb at the bottom: "Historical page reflecting onion-router.net as of 2005, not regularly maintained. Address questions to...") This is not a critique of the content of the PDF, just the ability to rely on it for a decision.

The document also shows no evidence of the deployment of the use of the names below "onion." In David's email, and in others, there are comments regarding an "installed base". I've only seen any discussion about an installed base in email, this is not in the documents. In (say) 50 years, what matters is what is in the published RFC, not the mailing lists. Presence in the documents being put forward is important. (E.g., has anyone consulted the annual DNS-OARC DITL data to measure how often "onion" names are seen at root servers during that collection?)

Drilling into the criteria that are presented. Not all of them.

1. Users.

The draft states "human users are expected to recognize .onion names as..." How are users supposed to recognize them as (special)? Inasmuch as the document says nothing about evidence of deployment and adoption, how can an expectation be developed? If I hadn't been reading the thread on DNSOP, I wouldn't have thought "onion" was special - but I live in a cave, so what I think isn't important.

4. Caching DNS Servers and 5. Authoritative DNS Servers

I really believe that for DNS elements, there should be no change. By intent, the onion names are not to be presented to the DNS by what's in category 2 and 3 (Applications and Name Resolution APIs respectively). I see placing any requirement on DNS elements - and by that I mean the software used to implement the DNS standard - as a bad idea, under the heading of "permanent fix to a temporary situation." (I.e., Tor may not be permanent, if it is, as software matures onion names will not be in DNS queries.)

6. DNS Operators

Having had experience with that field, I don't see this being a reliable "rule." In general, when a customer loads a zone into a system, there's no way to check whether they have the "right" to use the name. This is more an issue I have with RFC 6761 and in general how the documents are used in operations than a comment on the "onion" application. Nevertheless, I wouldn't rely on operators, given that anyone can set up a name server (the code is free and privileged user accounts are easy on laptops), to be an effective means to enforce name restrictions.

7. DNS Registrars/Registries

This is the place where a case should be made for registering "onion" as a Special Use Domain Name. Given the story to date, that "onion" is not to be in the DNS, then don't change the protocol (5,6 above) but then set up barriers to putting it in the DNS (7 here). If you do that, then Name Resolution libraries (3 above) will return "name error" or NXDOMAIN to all queries in the onion domain of names.

I see this as where registry policy documents can "point" (by reference) to a list of names that are specially reserved or restricted.

I'm agreeing with Ted in that this application is insufficient. I'm agreeing with David in that designating "onion" in such a way as to fix the "CAB Forum" stuff is acceptable. My concern is that, if this application proceeds as documented, the precedent being set could be regrettable.
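
An added example, not part of the message above or of the draft: a sketch of the two checks the message touches on, counting how often "onion" names show up in a DNS query log and having a name resolution layer answer NXDOMAIN locally so such names never reach the DNS. The log format, the function names and the sample lines are assumptions made for this illustration.

```python
from collections import Counter

SPECIAL_TLD = "onion"  # the label under discussion in the message


def tld_of(qname: str) -> str:
    """Return the rightmost label, lower-cased, ignoring the root dot."""
    labels = qname.strip().rstrip(".").lower().split(".")
    return labels[-1] if labels[-1] else ""


def is_onion(qname: str) -> bool:
    # Compare whole labels: "foo.notonion" and "onion.example.net" must not match.
    return tld_of(qname) == SPECIAL_TLD


def stub_resolve(qname: str, dns_lookup):
    """Name-resolution-API behaviour: answer NXDOMAIN locally for onion
    names so the query is never handed to a recursive or root server."""
    if is_onion(qname):
        return "NXDOMAIN"
    return dns_lookup(qname)


def measure_leaks(log_lines):
    """Count onion queries in a 'timestamp client qname qtype' log
    (assumed format). Returns (onion_queries, total_parsed_queries)."""
    seen = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        seen["onion" if is_onion(fields[2]) else "other"] += 1
    return seen["onion"], sum(seen.values())


# Constructed sample lines, not real DITL data.
SAMPLE_LOG = [
    "1436964000 192.0.2.10 www.example.com. A",
    "1436964001 192.0.2.11 abcdefghijklmnop.ONION. A",
    "1436964002 192.0.2.12 onion.example.net. AAAA",
    "1436964003 192.0.2.13 foo.notonion. A",
    "1436964004 192.0.2.11 sub.abcdefghijklmnop.onion A",
    "truncated-line",
]

if __name__ == "__main__":
    leaked, total = measure_leaks(SAMPLE_LOG)
    print(f"{leaked} of {total} queries carried an onion name")
    forwarded = []
    print(stub_resolve("abcdefghijklmnop.onion",
                       lambda q: forwarded.append(q) or "ANSWER"))
    print("forwarded to DNS:", forwarded)
```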