Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

Ted Hardie <ted.ietf@gmail.com> Tue, 14 July 2015 20:16 UTC

In-Reply-To: <20150714192438.1138.96059.idtracker@ietfa.amsl.com>
References: <20150714192438.1138.96059.idtracker@ietfa.amsl.com>
Date: Tue, 14 Jul 2015 13:16:41 -0700
Message-ID: <CA+9kkMAz1ogcpWAdKaKTRm9f8sV4RO+TKu6aYB717D7+eM0bmw@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: IETF <ietf@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/3uB5cTYzMrerGOiVlDJbzrukSeI>
Cc: dnsop@ietf.org, IETF-Announce <ietf-announce@ietf.org>
Subject: Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

On Tue, Jul 14, 2015 at 12:24 PM, The IESG <iesg-secretary@ietf.org> wrote:

>
> The IESG has received a request from the Domain Name System Operations WG
> (dnsop) to consider the following document:
> - 'The .onion Special-Use Domain Name'
>   <draft-ietf-dnsop-onion-tld-00.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2015-08-11. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
> This document uses the Special-Use Domain Names registry to register the
> '.onion' Top Level Domain (TLD) for the Tor Network. This is deemed
> necessary
> for hosts on the ToR network to apply for and receive legitimate SSL
> Certificates.
>
>
Speaking as an individual only, I do not believe that this request is
well-formed.  In May of 2000, the IAB of the time issued RFC 2826, which
provided a technical commentary on the value of the unique DNS root.  Among
its statements is this:

   The DNS fulfills an essential role within the Internet protocol
   environment, allowing network locations to be referred to using a
   label other than a protocol address.

I believe that .onion is, essentially, a way for structuring protocol
addresses so that they appear to be DNS names.  It does not conform to the
delegation model of the DNS, and it requires special knowledge on the part
of the handler to understand it.  The authors of the document propose to
register it in the DNS under the rubric of RFC 6761, which says:

   If it is determined that special handling of a name is required in
   order to implement some desired new functionality, then an IETF
   "Standards Action" or "IESG Approval" specification [RFC5226
   <https://tools.ietf.org/html/rfc5226>] MUST be published describing
   the new functionality.

   The specification MUST state how implementations determine that the
   special handling is required for any given name.  This is typically
   done by stating that any fully qualified domain name ending in a
   certain suffix (i.e., falling within a specified parent pseudo-
   domain) will receive the special behaviour.  In effect, this carves
   off a sub-tree of the DNS namespace in which the modified name
   treatment rules apply, analogous to how IP multicast [RFC1112
   <https://tools.ietf.org/html/rfc1112>] or IP link-local addresses
   [RFC3927 <https://tools.ietf.org/html/rfc3927>]
   [RFC4862 <https://tools.ietf.org/html/rfc4862>] carve off chunks of
   the IP address space in which their respective modified address
   treatment rules apply.


I do not believe this document is sufficient to describe the new
functionality; the primary description is actually in an informational
reference, [Dingledine2004]
<https://www.onion-router.net/Publications/tor-design.pdf>.  This does not
appear, at least to me, to meet the requirements set out in the
registration document.

Further, I believe this stretches the "special handling" requirement of RFC
6761 to the breaking point.  This does not describe special handling
_within the DNS_, but instead removes a portion of the global namespace
from the DNS altogether.  To me, at least, this does not seem to meet the
analogy RFC 6761 provides to IP multicast ranges or local addresses.
Whether it is permitted or not by RFC 6761, it is a bad idea.

My opinion only,

Ted Hardie

> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
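The RFC 6761 text quoted in the message describes the mechanism a resolver must implement for a special-use name: recognise it by suffix, not by delegation, and apply the registered handling instead of ordinary DNS resolution. The following Python is an added illustration of that mechanism for the ".onion" case, and of the message's point that the label under ".onion" is an encoded protocol address rather than a delegated name. It is not part of this message, of the draft, or of any IETF or Tor code. The 16-character label format (80 bits of a key hash) is the one current when the message was written, per the Tor design paper cited; the 56-character format (32-byte key, 2-byte SHA3-256 checksum, 1-byte version 0x03) is the later Tor format and is included here as a stated fact about later Tor versions, not something the page describes. The sample names are constructed and name no real service.

```python
"""Suffix-based special handling for .onion, in the sense of the RFC 6761 text quoted above.

Added illustration only; not code from the message, the draft, or Tor.
A stub-resolver front end that classifies names by suffix, keeps .onion
queries away from the global DNS, and decodes the onion label's structure.
"""
import base64
import hashlib

# Suffixes carved off for special handling. Only .onion is under discussion here.
SPECIAL_USE_SUFFIXES = {"onion": "special-use:onion"}


def normalize(name: str) -> str:
    """Lower-case and strip a trailing dot so 'Foo.ONION.' and 'foo.onion' compare equal."""
    return name.rstrip(".").lower()


def classify(name: str) -> str:
    """Return the handling class for a fully qualified name.

    'dns' means ordinary resolution through the delegation tree. Any other value
    means the registered special handling applies and the query must not be sent
    to the global DNS (the behaviour a special-use registration asks for).
    """
    labels = normalize(name).split(".")
    return SPECIAL_USE_SUFFIXES.get(labels[-1], "dns")


def _b32decode(label: str) -> bytes:
    # Onion labels are lower-case base32 without padding; b32decode wants upper case.
    return base64.b32decode(label.upper())


def parse_onion(name: str) -> dict:
    """Decode the label directly under .onion into its structural fields.

    16 characters: 80 bits of key-hash material (format current in 2015).
    56 characters: 32-byte key, 2-byte checksum, 1-byte version 0x03 (later Tor format).
    Either way the label is fixed-width address material, not a delegated name.
    """
    if classify(name) != "special-use:onion":
        raise ValueError("not a .onion name")
    labels = normalize(name).split(".")
    if len(labels) < 2:
        raise ValueError("bare 'onion' has no address label")
    label = labels[-2]
    raw = _b32decode(label)
    if len(label) == 16:
        return {"version": 2, "key_material": raw}
    if len(label) == 56:
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
        expected = hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]
        if version != 3 or checksum != expected:
            raise ValueError("bad v3 checksum or version")
        return {"version": 3, "key_material": pubkey}
    raise ValueError("unrecognised onion label length")


def make_v3_label(pubkey: bytes) -> str:
    """Encode a 32-byte key as a 56-character onion label (used to build sample input)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower()


def resolver_front_end(queries):
    """Split query names into those forwarded to DNS and those held for local handling."""
    forwarded, held = [], []
    for q in queries:
        (forwarded if classify(q) == "dns" else held).append(q)
    return forwarded, held


if __name__ == "__main__":
    # Constructed sample names; the onion labels do not belong to any real service.
    sample = ["www.ietf.org", "abcdefghijklmnop.onion", make_v3_label(bytes(32)) + ".onion"]
    fwd, held = resolver_front_end(sample)
    print("forward to DNS:", fwd)
    print("handled locally:", held)
    for n in held:
        print(n, "->", parse_onion(n))
```

The classification step is the whole of what RFC 6761 asks a resolver to do: a single suffix comparison decides whether the name enters the delegation tree at all. The decoding step is what the message is pointing at: once the suffix is stripped, nothing DNS-like remains, only an address encoding whose validity (length, and for the later format a checksum) is checked locally by the handler that knows the format.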