Re: [DNSOP] Adoption and Working Group Last Call for draft-appelbaum-dnsop-onion-tld

Richard Barnes <rlb@ipv.sx> Sat, 23 May 2015 14:35 UTC

From: Richard Barnes <rlb@ipv.sx>
To: Tim Wicinski <tjw.ietf@gmail.com>
Cc: dnsop <dnsop@ietf.org>
Date: Sat, 23 May 2015 10:35:43 -0400
Subject: Re: [DNSOP] Adoption and Working Group Last Call for draft-appelbaum-dnsop-onion-tld
Message-ID: <CAL02cgSdb4goJ=PaucvEHZp_0fssdPQ8t4z964Znp-_Hho6psQ@mail.gmail.com>
In-Reply-To: <555CC061.7040109@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/uUv66smASM1u2KWH3BQEKPb0x4Y>

tl;dr: Ship it.

On adoption: I agree that we should adopt this document.

On WGLC: I have reviewed this document, and I think it's generally in fine
shape to send to the IESG.  I have included a few comments below, but
they're mostly editorial.  The only issue of any substance is that I would
prefer some of the SHOULDs be MUSTs, for extra clarity.

Thanks to the WG for the good discussion, and to the chairs for acting with
lightning speed in IETF terms.

--Richard


"""
   This information is not meaningful to the Tor
   protocol, but can be used in application protocols like HTTP
   [RFC7230].
"""

It took me a second to process what this meant.  Would the following
phrasing be correct?

"""
   Labels beyond the first label under ".onion" are not used by
   the Tor routing, so for example, "foo.example.onion" will route
   to (and authenticate) the same Tor service as "example.onion".
   However, additional labels might be used by application services
   to distinguish different sub-services accessible via the same Tor
   service.  In the case of HTTP, for example, the full name, with
   all labels, will be included in the Host header, and can be used
   to identify HTTP virtual hosts on a common server.
"""

Might not be necessary to clarify this much, but like I said, it wasn't
obvious to me what the sub-label handling would be.


----------


"Note that this draft was preceded by
[I-D.grothoff-iesg-special-use-p2p-names] ..."

This paragraph can probably be deleted in the final version.


----------


"The ".onion" Special-Use TLD" -> "The ".onion" Special-Use Domain Name"

(For consistency with RFC 6761)


----------


"""
       ... or using a proxy (e.g., SOCKS [RFC1928])
       to do so.  Applications that do not implement the Tor protocol
       SHOULD generate an error upon the use of .onion, and SHOULD NOT
       perform a DNS lookup.
"""

It might be worth noting that in the scope of the last sentence,
"Applications" includes proxies.  That is, your proxy shouldn't generate a
DNS request if it gets a .onion request either.  I would just add
"(including proxies)" between "protocol" and "SHOULD".


----------


"""
   3.  Name Resolution APIs and Libraries: Resolvers that implement the
       Tor protocol MUST either respond to requests for .onion names by
       resolving them (see [tor-rendezvous]) or by responding with
       NXDOMAIN.  Other resolvers SHOULD respond with NXDOMAIN.
"""

This seems a little backward.  It seems like the general requirement is
that resolvers MUST either resolve over Tor or return NXDOMAIN.  If you
don't support Tor, you just fall in the latter bucket.  Don't be afraid to
MUST DNS servers, here or in the subsequent points.


----------



On Wed, May 20, 2015 at 1:12 PM, Tim Wicinski <tjw.ietf@gmail.com> wrote:

>
> Greetings,
>
> From the outcome of the Interim meeting, and discussion on the list, this
> draft appears to both have strong support and address the problem space of
> RFC 6761.  The authors have requested a Call for Adoption. The chairs want
> to move forward with this draft if it has consensus support.
>
> It also seems that the document is relatively mature in terms of what
> people need to know in order to decide whether to support advancing it. As
> we have done with other drafts where a lengthy revision process didn’t seem
> necessary to reach a draft we could advance further, and in consideration
> of the timeliness constraint raised by the authors, the chairs are going to
> combine the adopting of the document with the Working Group Last Call.
>
> The draft can be found here:
>
> https://datatracker.ietf.org/doc/draft-appelbaum-dnsop-onion-tld/
>
> https://tools.ietf.org/html/draft-appelbaum-dnsop-onion-tld-01
>
> Please review the draft and offer relevant comments. In particular, we’ve
> heard reservations expressed about the precedent that might be set by
> advancing this document, and about the level of specification of the TOR
> protocols that we might like to see included in the descriptions of the
> expected “special” treatment of .onion names in the field. So if people
> feel strongly about possible changes, we need to know.
>
> Because of the compression of adoption and WGLC, we're making this a three
> week window.  The working group last call will end on Wednesday June 10th,
> 2015.
>
> thanks
> tim
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
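The two behaviours discussed in this thread (applications and proxies must not send .onion names to DNS, and resolvers answer them with NXDOMAIN; extra labels such as "foo.example.onion" route to the same Tor service as "example.onion") are easy to get subtly wrong around trailing dots, letter case and sub-labels. The block below is an added example written for this archive page; it is not code from the draft, from Tor, or from either message above. The function names, the `NameNotFound` stand-in for an NXDOMAIN answer, and the BIND-style query-log lines are all my own constructions; the log scanner is the defender's side of the same rule, flagging .onion queries that leaked to a DNS server from a non-Tor-aware application.

```python
"""Added example (not from the draft or this thread): keep .onion names
out of ordinary DNS, and spot the ones that leaked anyway."""

import re
import socket
from typing import Callable, Iterable, List, Optional, Tuple

ONION_TLD = "onion"


def is_onion_name(name: str) -> bool:
    """True if the name (any case, optional trailing dot) is under .onion.

    "example.onion", "foo.example.onion." and "EXAMPLE.ONION" qualify;
    "onion.example.com" and a bare "onion" label do not.
    """
    labels = name.rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] == ONION_TLD and all(labels)


def onion_service_label(name: str) -> Optional[str]:
    """The label Tor actually routes on (the one directly under .onion).

    Leading labels are application-level only, so "foo.example.onion"
    maps to the same Tor service as "example.onion".
    """
    if not is_onion_name(name):
        return None
    return name.rstrip(".").lower().split(".")[-2]


class NameNotFound(Exception):
    """Constructed stand-in for an NXDOMAIN answer from a stub resolver."""


def resolve_guarded(name: str,
                    lookup: Callable[[str], str] = socket.gethostbyname) -> str:
    """Resolve via the normal resolver, except that .onion names never
    reach DNS at all: they get NXDOMAIN (raised here) before any query."""
    if is_onion_name(name):
        raise NameNotFound(f"{name}: .onion names are not resolvable via DNS")
    return lookup(name)


# Constructed BIND-style query-log lines (addresses from RFC 5737 ranges).
SAMPLE_QUERY_LOG = """\
23-May-2015 14:35:43.001 client 192.0.2.10#51234: query: www.example.com IN A + (192.0.2.1)
23-May-2015 14:35:44.002 client 192.0.2.11#51235: query: abcdefghijklmnop.onion IN A + (192.0.2.1)
23-May-2015 14:35:45.003 client 192.0.2.12#51236: query: onion.example.com IN A + (192.0.2.1)
23-May-2015 14:35:46.004 client 192.0.2.10#51234: query: foo.ABCDEFGHIJKLMNOP.onion. IN AAAA + (192.0.2.1)
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+.*?query: (?P<qname>\S+) IN (?P<qtype>\S+)")


def find_onion_leaks(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(client, qname, qtype) for each query that should never have left the
    application: a .onion lookup that reached a DNS server."""
    leaks = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and is_onion_name(m["qname"]):
            leaks.append((m["client"], m["qname"], m["qtype"]))
    return leaks


if __name__ == "__main__":
    for n in ("example.onion", "foo.example.onion.", "onion.example.com"):
        print(f"{n:22} onion={is_onion_name(n)} service={onion_service_label(n)}")
    for client, qname, qtype in find_onion_leaks(SAMPLE_QUERY_LOG.splitlines()):
        print(f"LEAK: {client} asked DNS for {qname} ({qtype})")
```

Run over a real query log, the scanner points at the hosts whose applications or proxies are not honouring the "SHOULD NOT perform a DNS lookup" rule; the guard shows the resolver-side half of the same requirement.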