Re: [DNSOP] Adoption and Working Group Last Call for draft-appelbaum-dnsop-onion-tld

Alec Muffett <alecm@fb.com> Thu, 21 May 2015 19:10 UTC

From: Alec Muffett <alecm@fb.com>
To: John Levine <johnl@taugh.com>
Date: Thu, 21 May 2015 19:10:13 +0000
Message-ID: <DDD750B2-91C9-4818-B04A-933A721728E4@fb.com>
References: <20150521034135.67747.qmail@ary.lan>
In-Reply-To: <20150521034135.67747.qmail@ary.lan>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/Wxoc98Wffp9P41pc1jlZ26GlrRg>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Adoption and Working Group Last Call for draft-appelbaum-dnsop-onion-tld

> On May 21, 2015, at 4:41 AM, John Levine <johnl@taugh.com> wrote:
> 
> I share the concerns about calling .onion a TLD, but I think that's
> easily fixable by calling it something like a special purpose
> namespace, then going through the document and changing it where
> appropriate.

Not to complicate matters, but CA/B-Forum are saying the following:

https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names/

> 5. CAs MUST NOT issue a Certificate that includes a Domain Name where .onion is in the right-most label of the Domain Name with a validity period longer than 15 months. Despite Section 9.2.1 of the Baseline Requirements deprecating the use of Internal Names, a CA MAY issue a Certificate containing an .onion name with an expiration date later than 1 November 2015 after (and only if) .onion is officially recognized by the IESG as a reserved TLD.

- my emphasis.

It would be a shame for them to nitpick the rules because "special purpose namespace" != "TLD"?

    - Alec