Re: [DNSOP] Alternative Special-Use TLD problem statement draft

Philip Homburg <pch-dnsop@u-1.phicoh.com> Fri, 08 April 2016 11:50 UTC

To: dnsop@ietf.org
From: Philip Homburg <pch-dnsop@u-1.phicoh.com>
Sender: pch-bBB316E3E@u-1.phicoh.com
In-reply-to: Your message of "7 Apr 2016 21:26:51 -0000 ." <20160407212651.54260.qmail@ary.lan>
Date: Fri, 08 Apr 2016 13:50:01 +0200
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/CssWd87MyfPDhS5M1Bin9-LrOAg>
Cc: John Levine <johnl@taugh.com>
Subject: Re: [DNSOP] Alternative Special-Use TLD problem statement draft

In your letter dated 7 Apr 2016 21:26:51 -0000 you wrote:
>>Just because TOR asks for .onion doesn't mean it should be given it.
>
>The TOR project has been distributing software that special cases
>the .onion TLD for close to a decade.
>
>If the IETF said "you're wrong, go away", what exactly do you
>think they would do?

They would have been in serious trouble.

The problem with the special use registry is that it comes from a line of
thinking that as long as you properly partition the name space, all is fine.

I.e., names have no other properties than that they are either resolved in 
DNS or not.

For the tor project, onion names leaking into DNS is a problem. But it is not
clear if and when the current RFC will have any operational impact. It is more a
"would be nice" if DNS resolvers would filter onion.

There was no real risk that somebody would start using .onion or even that tor
users would be affected by such use.

There was, however, a really big issue: CAs were going to refuse DV certificates
for .onion because officially it did not exist.

Read for example, https://www.ietf.org/blog/2015/09/onion/

So the IETF saying "no, we don't want this" would have had an impact on this.

The IETF giving a stamp of approval on either a protocol or a name can have a
lot of impact because other (standards) organizations recognize the IETF as the
authority on this.

Adrien de Croy wrote:
"I understand the IETF is supposed to obtain consensus, but I didn't
"see anything in http WG on this until after the fact.  Special use
"names has wide-ranging repercussions.

This is in line with the concept that the special use register is only about
reserving the name. How this impacts users of the name space is essentially
not considered. See the rather poor treatment in RFC 7686.

To use the words 'protocol police': yes, the IETF is the protocol police. That's
its role in the internet. We can still refer to our documents as 'requests
for comments'. The outside world sees them as the official seal of approval
of the Internet's standards organization.

And in this sense, the IETF should only say yes to a naming protocol if
it makes sense in the overall architecture of internet related software,
explicitly considering the rather complex interaction between naming and
security in many applications (such as web browsers).
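The resolver-side filtering of .onion that the message above calls a "would be nice" is what RFC 7686 asks caching resolvers to do: answer .onion queries with NXDOMAIN locally instead of forwarding them. The following is an added example, not code from the thread or from any resolver; it assumes a constructed "client qtype qname" query-log format and uses made-up .onion labels.

```python
# Added example (not from the thread): RFC 7686-style handling of ".onion" at a
# resolver, plus a check of query logs for .onion lookups that leaked into DNS.
# The log format and the onion labels below are constructed for illustration.
import re

def is_onion_name(qname: str) -> bool:
    """True if qname falls under the special-use TLD ".onion".

    Accepts an optional trailing dot and mixed case. A name such as
    "onion.example.net" is an ordinary DNS name and must NOT match.
    """
    labels = qname.rstrip(".").lower().split(".")
    return labels[-1] == "onion"

def resolver_decision(qname: str) -> str:
    """What a conforming caching resolver does with one query: .onion names
    get a local NXDOMAIN and are never sent upstream, so they do not leak
    onto the public DNS; every other name is resolved normally."""
    return "NXDOMAIN-local" if is_onion_name(qname) else "forward-upstream"

# Constructed sample query log: "<client> <qtype> <qname>" per line.
SAMPLE_LOG = """\
192.0.2.10 A www.example.com.
192.0.2.11 A abcdefghijklmnop.onion.
192.0.2.12 AAAA onion.example.net.
192.0.2.11 A ABCDEFGHIJKLMNOP.ONION
192.0.2.13 A onion.
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def leaked_onion_queries(log_text: str) -> list:
    """Return (client, qname) pairs for every .onion lookup that reached the
    resolver. Each one is a host sending Tor names to ordinary DNS, which is
    exactly the leak RFC 7686 wants resolvers to stop at the edge."""
    leaks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        client, _qtype, qname = m.groups()
        if is_onion_name(qname):
            leaks.append((client, qname.rstrip(".").lower()))
    return leaks
```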