Re: [DNSOP] Adoption and Working Group Last Call for draft-appelbaum-dnsop-onion-tld
Richard Barnes <rlb@ipv.sx> Sat, 23 May 2015 14:35 UTC
From: Richard Barnes <rlb@ipv.sx>
To: Tim Wicinski <tjw.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/uUv66smASM1u2KWH3BQEKPb0x4Y>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Adoption and Working Group Last Call for draft-appelbaum-dnsop-onion-tld

tl;dr: Ship it.

On adoption: I agree that we should adopt this document.

On WGLC: I have reviewed this document, and I think it's generally in fine shape to send to the IESG. I have included a few comments below, but they're mostly editorial. The only issue of any substance is that I would prefer some of the SHOULDs be MUSTs, for extra clarity.

Thanks to the WG for the good discussion, and to the chairs for acting with lightning speed in IETF terms.

--Richard

"""
This information is not meaningful to the Tor protocol, but can be used in application protocols like HTTP [RFC7230].
"""

It took me a second to process what this meant. Would the following phrasing be correct?

"""
Labels beyond the first label under ".onion" are not used by the Tor routing, so for example, "foo.example.onion" will route to (and authenticate) the same Tor service as "example.onion". However, additional labels might be used by application services to distinguish different sub-services accessible via the same Tor service. In the case of HTTP, for example, the full name, with all labels, will be included in the Host header, and can be used to identify HTTP virtual hosts on a common server.
"""

Might not be necessary to clarify this much, but like I said, it wasn't obvious to me what the sub-label handling would be.

----------

"Note that this draft was preceded by [I-D.grothoff-iesg-special-use-p2p-names] ..."

This paragraph can probably be deleted in the final version.

----------

"The ".onion" Special-Use TLD" -> "The ".onion" Special-Use Domain Name"

(For consistency with RFC 6761)

----------

"""
... or using a proxy (e.g., SOCKS [RFC1928]) to do so. Applications that do not implement the Tor protocol SHOULD generate an error upon the use of .onion, and SHOULD NOT perform a DNS lookup.
"""

It might be worth noting that in the scope of the last sentence, "Applications" includes proxies. That is, your proxy shouldn't generate a DNS request if it gets a .onion request either. I would just add "(including proxies)" between "protocol" and "SHOULD".

----------

"""
3. Name Resolution APIs and Libraries: Resolvers that implement the Tor protocol MUST either respond to requests for .onion names by resolving them (see [tor-rendezvous]) or by responding with NXDOMAIN. Other resolvers SHOULD respond with NXDOMAIN.
"""

This seems a little backward. It seems like the general requirement is that resolvers MUST either resolve over Tor or return NXDOMAIN. If you don't support Tor, you just fall in the latter bucket. Don't be afraid to MUST DNS servers, here or in the subsequent points.

----------

On Wed, May 20, 2015 at 1:12 PM, Tim Wicinski <tjw.ietf@gmail.com> wrote:

>
> Greetings,
>
> From the outcome of the Interim meeting, and discussion on the list, this
> draft appears to both have strong support and address the problem space of
> RFC 6761. The authors have requested a Call for Adoption. The chairs want
> to move forward with this draft if it has consensus support.
>
> It also seems that the document is relatively mature in terms of what
> people need to know in order to decide whether to support advancing it. As
> we have done with other drafts where a lengthy revision process didn’t seem
> necessary to reach a draft we could advance further, and in consideration
> of the timeliness constraint raised by the authors, the chairs are going to
> combine the adopting of the document with the Working Group Last Call.
>
> The draft can be found here:
>
> https://datatracker.ietf.org/doc/draft-appelbaum-dnsop-onion-tld/
>
> https://tools.ietf.org/html/draft-appelbaum-dnsop-onion-tld-01
>
> Please review the draft and offer relevant comments. In particular, we’ve
> heard reservations expressed about the precedent that might be set by
> advancing this document, and about the level of specification of the TOR
> protocols that we might like to see included in the descriptions of the
> expected “special” treatment of .onion names in the field. So if people
> feel strongly about possible changes, we need to know.
>
> Because of the compression of adoption and WGLC, we're making this a three
> week window. The working group last call will end on Wednesday June 10th,
> 2015.
>
> thanks
> tim
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
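
The handling discussed in this message (no DNS lookup for .onion names, and labels beyond the first one under ".onion" ignored for routing), as an added example that is not part of the original message or the draft. The function names, `OnionNameError` and the `tor_lookup` hook are hypothetical.

```python
import socket


class OnionNameError(Exception):
    """Raised instead of sending a .onion name to DNS (the NXDOMAIN-like outcome)."""


def split_labels(name):
    # DNS names are case-insensitive and may end with a root dot.
    return name.rstrip(".").lower().split(".")


def is_onion(name):
    """True when the rightmost label is 'onion', whatever the case or trailing dot."""
    return split_labels(name)[-1] == "onion"


def onion_service(name):
    """Return the name Tor routing uses: the first label under .onion.

    Extra labels ("foo" in foo.example.onion) are left to the application,
    for instance as the HTTP Host header, and do not change the service.
    """
    labels = split_labels(name)
    if labels[-1] != "onion" or len(labels) < 2 or not labels[-2]:
        raise ValueError("no service label under .onion: %r" % name)
    return labels[-2] + ".onion"


def guarded_resolve(name, dns_lookup=socket.gethostbyname, tor_lookup=None):
    """Resolve a name without ever handing a .onion name to DNS.

    tor_lookup is an assumed hook for software that implements Tor; without it
    the caller gets an error and no DNS query is made, which also covers
    proxies that receive a .onion request.
    """
    if is_onion(name):
        if tor_lookup is None:
            raise OnionNameError("refusing DNS lookup for %r" % name)
        return tor_lookup(name)
    return dns_lookup(name)


if __name__ == "__main__":
    print(onion_service("foo.example.onion"))  # constructed sample name
    try:
        guarded_resolve("foo.example.onion")
    except OnionNameError as exc:
        print("error:", exc)
```
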