Re: [DNSOP] Last Call: <draft-ietf-dnsop-sutld-ps-05.txt> (Special-Use Domain Names Problem Statement) to Informational RFC

Job Snijders <job@ntt.net> Mon, 12 June 2017 15:00 UTC

Return-Path: <job@instituut.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6EF412EB2D for <dnsop@ietfa.amsl.com>; Mon, 12 Jun 2017 08:00:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.419
X-Spam-Level:
X-Spam-Status: No, score=-1.419 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZlKXbv4BaW7f for <dnsop@ietfa.amsl.com>; Mon, 12 Jun 2017 08:00:38 -0700 (PDT)
Received: from mail-lf0-f44.google.com (mail-lf0-f44.google.com [209.85.215.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B03B12EB26 for <dnsop@ietf.org>; Mon, 12 Jun 2017 08:00:38 -0700 (PDT)
Received: by mail-lf0-f44.google.com with SMTP id p189so52367450lfe.2 for <dnsop@ietf.org>; Mon, 12 Jun 2017 08:00:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=pkeKeP/Pix+rN9UQd7pdxJidKhjWTuh1mc9XiI+F0qM=; b=QjGW+Od5j86GNouoP7G6WQfe1cfnDtnmx9x7af77pKlX4rUNLXIiCEDUhvH4LKm0Zy cQ13p4mgYcyMUK/V0ATzxy8hugwez7yBECy+548NmXpqcnG5ASNw6KUnbxuMBgV7gU4K hCRs6vstJyEY3PisTUaknnAnQEEHRrMcwOSzagcGNfyk+XhvLGSeOMFW9x2W4aeTZiUV mIcNJeQ243VZpX+hANb8vbs3Ly5UmgCKkUDOuQJidOWj5ymuL5m03ANHomC8vh0juTqD FY2V5rDSd8cLgCd6WQ4HfcpjKIknOxHDJpzqhDwWxqckg0gdhXOtvWH3dYyZNJP/DjRs Z4pQ==
X-Gm-Message-State: AODbwcCvZzXDUR8xfcJkVkn/sfTrmNplr8GrXkvdrOod0OoBpkUpVXQP 4nfk+1Lm3UFmXPdd
X-Received: by 10.80.144.40 with SMTP id b37mr32105838eda.36.1497279636118; Mon, 12 Jun 2017 08:00:36 -0700 (PDT)
Received: from localhost ([2001:67c:208c:10:b984:270f:516c:29c8]) by smtp.gmail.com with ESMTPSA id e31sm5260449eda.15.2017.06.12.08.00.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Jun 2017 08:00:35 -0700 (PDT)
Date: Mon, 12 Jun 2017 17:00:34 +0200
From: Job Snijders <job@ntt.net>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Cc: ietf@ietf.org, dnsop@ietf.org
Message-ID: <20170612150034.f4etrpuhbnvbzpzz@hanna.meerval.net>
References: <149678027581.3850.9197039878287017082.idtracker@ietfa.amsl.com> <20170612135200.ya3tivlhg2dhe3ry@nic.fr>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20170612135200.ya3tivlhg2dhe3ry@nic.fr>
X-Clacks-Overhead: GNU Terry Pratchett
User-Agent: NeoMutt/20170428 (1.8.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/xrcbMHTHfZ-GTHjftBAaXprF1To>
Subject: Re: [DNSOP] Last Call: <draft-ietf-dnsop-sutld-ps-05.txt> (Special-Use Domain Names Problem Statement) to Informational RFC
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 15:00:41 -0000

On Mon, Jun 12, 2017 at 03:52:00PM +0200, Stephane Bortzmeyer wrote:
> On Tue, Jun 06, 2017 at 01:17:55PM -0700,
>  The IESG <iesg-secretary@ietf.org> wrote 
>  a message of 42 lines which said:
> 
> > The IESG has received a request from the Domain Name System
> > Operations WG (dnsop) to consider the following document: -
> > 'Special-Use Domain Names Problem Statement'
> > <draft-ietf-dnsop-sutld-ps-05.txt> as Informational RFC
> 
> For an issue which is quite contentious and sensitive, I think there
> are some points in the document that deserve a change.
> 
> Biggest point: the IESG decided to freeze the RFC 6761 process
> <https://www.ietf.org/blog/2015/09/onion/> I regret this decision (RFC
> 6761 is still in force, it has not been deprecated or updated) and,
> unfortunately, registration of new Special-Use Domain Names is now
> impossible (pending an action on RFC 6761 that will probably never
> come). So, de facto, a regular process has been shut down, leaving the
> IETF without a possibility to register these domain names.
> 
> 
> * Section 4.2.2 says "the fact of its unilateral use by The Tor
> Project without following the RFC 6761 process" The onion TLD was in
> use in Tor since 2004, nine years before the publication of RFC
> 6761. It is grossly unfair to reproach not following an unpublished
> RFC. It was mentioned a long time ago
> <https://mailarchive.ietf.org/arch/msg/dnsop/nr4ECaVw6PT09o2xdM3jrKllHBI>

----

OLD:
   The situation was somewhat forced, both by the fact of its unilateral
   use by The Tor Project without following the RFC 6761 process, and
   because a deadline had been set by the CA/Browser Forum
   [SDO-CABF-INT] after which all .onion PKI certificates would expire
   and no new certificates would be issued, unless the .onion
   Special-Use Top-Level Domain Name were to be recognized by the IETF.

NEW:
   The situation was somewhat forced, both by the fact that use of the
   .onion domain name by the Tor Project predates the process described
   in RFC 6761 by 9 years, and because a deadline [CABF-DEADLINE] had
   been set by the CA/Browser Forum [CABF] after which all PKI
   certificates for internal names would expire and no new certificates
   would be issued. At the time .onion was considered an internal name.
   IETF recognition of the .onion as a Special-Use Top-Level Domain Name
   facilitated the development of a certificate issuance process
   specific to .onion domain names [CABF-BALLOT144]. 

[CABF-DEADLINE] should link to https://www.digicert.com/internal-names.htm
[CABF] should link to https://cabforum.org/
[CABF-BALLOT144] should link to https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names/

----

I wasn't there, but reading ballot-144, some cabforum mails, and 
https://blog.torproject.org/blog/landmark-hidden-services-onion-names-reserved-ietf
it appears to me that all parties involved were actively trying to fix a
long standing broken situation.

Kind regards,

Job