Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

David Conrad <drc@virtualized.org> Wed, 15 July 2015 02:37 UTC

From: David Conrad <drc@virtualized.org>
In-Reply-To: <20150714205019.GA20641@sources.org>
Date: Tue, 14 Jul 2015 19:37:01 -0700
Message-Id: <93AA7CD2-DFC0-419C-9103-F39AA711BD79@virtualized.org>
References: <20150714192438.1138.96059.idtracker@ietfa.amsl.com> <CA+9kkMAz1ogcpWAdKaKTRm9f8sV4RO+TKu6aYB717D7+eM0bmw@mail.gmail.com> <20150714205019.GA20641@sources.org>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/EgIoYpLY9rRgVQ0AmyBjhxuffZE>
Cc: dnsop <dnsop@ietf.org>, IETF <ietf@ietf.org>
Subject: Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

> The whole point of this "registration" is to avoid leaks in the
> DNS (section 2 of the draft).

The listing of a string in the special names registry will, of course, not by itself cause leaks to be avoided. It may provide a facility for leaks to be avoided in the future.

>> This does not describe special handling _within the DNS_, but
>> instead removes a portion of the global namespace from the DNS at
>> all.
> 
> Same thing for RFC 6762 (which was the first application of RFC 6761,
> and nobody objected about it).

To put it bluntly, from a certain perspective, 6762 and dnsop-onion are essentially about the same thing: they are formalizing squatting on namespace (by Apple in the first instance and by TOR in the second). As such, I'm not sure 6762 is a good precedent to rely on.

I try to be pragmatic. Given I do not believe that refusing to put ONION in the special names registry will stop the use of .ONION, the size of the installed base of TOR implementations, and the implications of the use of that string in certificates, I support moving ONION to the special names registry. I really (really) wish there were more concrete, objective metrics (e.g., size of installed base or some such), but my gut feeling is that TOR is pretty well deployed and given the CAB Forum stuff, I see no particular reason to delay (after all, it's not like the deployed base of TOR is likely to get smaller).

Regards,
-drc
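The leak avoidance the thread refers to (section 2 of the draft) comes down to a resolver or application recognising a special-use suffix before it sends a query anywhere. As an added illustration, not code from this email, the draft or the Tor project, the Python below gates names the way the two registry entries under discussion ask for: `.onion` is refused and never forwarded to the DNS, `.local` is handed to mDNS per RFC 6762, everything else goes to the DNS. It then scans a few constructed BIND-style query-log lines for `.onion` names that reached a DNS server anyway, which is exactly the leak the draft is trying to stop. The log format, client addresses and sample names are constructed assumptions.

```python
"""Special-use name gate and .onion leak scan.

Added example; not from the mailing-list thread, the draft, or Tor.
"""
import re
from typing import List, Tuple

# Illustrative subset of the special-use registry and the handling each
# entry asks for: 'local' (RFC 6762, multicast DNS) and 'onion' (the
# draft under discussion: never resolve via the DNS).
SPECIAL_USE = {
    "onion": "refuse",  # answer as non-existent locally, send nothing upstream
    "local": "mdns",    # resolve with multicast DNS, not unicast DNS
}


def labels(name: str) -> List[str]:
    """Lowercase, drop the trailing root dot, split into labels (root -> [])."""
    name = name.strip().rstrip(".").lower()
    return name.split(".") if name else []


def classify(name: str) -> str:
    """Return 'refuse', 'mdns' or 'dns' for a query name.

    Only the rightmost label counts: 'foo.onion.example.com' is an ordinary
    DNS name, not an onion name, so it must not be blocked.
    """
    parts = labels(name)
    if not parts:
        return "dns"
    return SPECIAL_USE.get(parts[-1], "dns")


# Constructed sample of BIND-style query-log lines (assumed format; the
# client addresses and names are made up for this example).
SAMPLE_LOG = [
    "14-Jul-2015 19:37:01.123 client 192.0.2.10#53211 (www.example.com): "
    "query: www.example.com IN A + (192.0.2.1)",
    "14-Jul-2015 19:37:02.456 client 192.0.2.11#41000 (abcdefghijklmnop.onion): "
    "query: abcdefghijklmnop.onion IN A + (192.0.2.1)",
    "14-Jul-2015 19:37:03.789 client 192.0.2.12#41001 (printer.local): "
    "query: printer.local IN A + (192.0.2.1)",
    "14-Jul-2015 19:37:04.000 client 192.0.2.13#41002 (foo.onion.example.com): "
    "query: foo.onion.example.com IN A + (192.0.2.1)",
]

_LOG_RE = re.compile(r"client (?P<client>[^#\s]+)#\d+ .*?query: (?P<qname>\S+) IN \S+")


def find_leaks(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client, qname) for every logged query that should have been
    refused locally, i.e. a .onion name that reached the DNS server."""
    leaks = []
    for line in lines:
        m = _LOG_RE.search(line)
        if m is None:
            continue  # not a query line; ignore
        qname = m.group("qname")
        if classify(qname) == "refuse":
            leaks.append((m.group("client"), qname.rstrip(".").lower()))
    return leaks


if __name__ == "__main__":
    for name in ("www.example.com", "Foo.ONION.", "printer.local", "foo.onion.example.com"):
        print(f"{name:26} -> {classify(name)}")
    for client, qname in find_leaks(SAMPLE_LOG):
        print(f"leaked .onion query from {client}: {qname}")
```

Run against a real query log, the leak scan is the check a resolver operator would use to see whether clients on the network are still sending onion names upstream after the gate is deployed; the gate itself is what a stub resolver or application does before any packet leaves the host.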