Re: [DNSOP] On the call for adoption on Special Use Names (Please! Pretty please, with a cherry on top?!)

Philip Homburg <pch-dnsop-1@u-1.phicoh.com> Sat, 01 October 2016 18:48 UTC

Message-Id: <m1bqPL7-0000DuC@stereo.hq.phicoh.net>
To: dnsop@ietf.org
From: Philip Homburg <pch-dnsop-1@u-1.phicoh.com>
Date: Sat, 01 Oct 2016 20:48:48 +0200
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/HhbxcZvbhrnqL87gqptTHNIyRzU>
Subject: Re: [DNSOP] On the call for adoption on Special Use Names (Please! Pretty please, with a cherry on top?!)

In your letter dated Sat, 1 Oct 2016 14:25:06 -0400 you wrote:
> Sure, many people didn't like the .ONION discussion / outcome --
> but what would your advice have been to the TOR community if we'd
> already decided to abdicate our position? "Dear TOR folk. Go talk
> to ICANN..  Yeah, I know that that won't actually help you; you
> don't fit in their model, and the process isn't open now anyway.
> Guess you shouldn't have squatted on that name, huh"?

It seems to me that the Tor community created two problems. And then put
a lot of pressure on the IETF to solve those problems.

The first problem is that .onion names leak into DNS. This is not a problem
for DNS, you just get an NXDOMAIN. DNS as a whole has no problem with the
resulting load. But it is a problem for the Tor project, because for their
project this is a security problem. Somehow, the IETF went along and was
willing to create additional requirements on all parts of DNS to treat
.onion specially.

The second problem was that CAs refused to sign certificates for .onion. Again,
this was not an IETF problem. But somehow the Tor project managed to put
pressure on the IETF to grant them that name.

I'd say this is a problem.