IETF Logo Mail Archive

Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

Alec Muffett <alecm@fb.com> Wed, 12 August 2015 03:22 UTC

Return-Path: <prvs=5666b58215=alecm@fb.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C3AB1A8842 for <ietf@ietfa.amsl.com>; Tue, 11 Aug 2015 20:22:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.244
X-Spam-Level:
X-Spam-Status: No, score=-1.244 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URI_HEX=1.122] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id klElGYoY1qYJ for <ietf@ietfa.amsl.com>; Tue, 11 Aug 2015 20:22:55 -0700 (PDT)
Received: from mx0b-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD93B1A8831 for <ietf@ietf.org>; Tue, 11 Aug 2015 20:22:54 -0700 (PDT)
Received: from pps.filterd (m0004060 [127.0.0.1]) by mx0b-00082601.pphosted.com (8.14.5/8.14.5) with SMTP id t7C3MOpr019424; Tue, 11 Aug 2015 20:22:50 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=aer09FSKvWbPKHNmgDsZ7DqZBI6xofPtUmzLQ6BNnl4=; b=YTDTnRlkUnb5INXkdd+ybUNHF73zNRezuZlNQO/ev1DrP3CdZwYogb8hNeN9b2WpCeS4 t32+C3MRDlDvHOLa4l+BgS3KWwlFJ0fU626J3evqxjJC6Mv9QESqEm8pP0JaE6koEkrf /cI10Kjf+TjGoDZakioCOe93y0z4fqjxuTI=
Received: from mail.thefacebook.com ([199.201.64.23]) by mx0b-00082601.pphosted.com with ESMTP id 1w7x2500ps-2 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 11 Aug 2015 20:22:49 -0700
Received: from PRN-MBX02-4.TheFacebook.com ([169.254.2.114]) by PRN-CHUB05.TheFacebook.com ([fe80::9886:b2c2:db18:5ba7%12]) with mapi id 14.03.0195.001; Tue, 11 Aug 2015 20:22:07 -0700
From: Alec Muffett <alecm@fb.com>
To: Ted Hardie <ted.ietf@gmail.com>
Subject: Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard
Thread-Topic: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard
Thread-Index: AQHQ1Hs3RjvWibFSx02Yb/KcU/cg4p4H3y4AgAAVvoCAADOXAA==
Date: Wed, 12 Aug 2015 03:22:07 +0000
Message-ID: <F5B862B9-10E4-4131-A675-9EC16FC50036@fb.com>
References: <20150714192438.1138.96059.idtracker@ietfa.amsl.com> <20150811211733.GG23964@x28.adm.denic.de> <46616F08-3CD4-448E-8638-95CFDA1C6D0F@fb.com> <CA+9kkMDwB9kSoqSuR3MdAgg6j2Kqip7R61GhiDiwFuWrjVGhtA@mail.gmail.com>
In-Reply-To: <CA+9kkMDwB9kSoqSuR3MdAgg6j2Kqip7R61GhiDiwFuWrjVGhtA@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.52.123]
Content-Type: multipart/signed; boundary="Apple-Mail=_CA44E980-6BBA-453B-AC9C-DE920E4A2C50"; protocol="application/pgp-signature"; micalg="pgp-sha512"
MIME-Version: 1.0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151, 1.0.33, 0.0.0000 definitions=2015-08-12_03:2015-08-11,2015-08-12,1970-01-01 signatures=0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/0tnA-xmW89M8n9pIEYnhDI6XZVM>
Cc: Peter Koch <pk@denic.de>, Mark Nottingham <mnot@mnot.net>, Jacob Appelbaum <jacob@appelbaum.net>, "ietf@ietf.org" <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2015 03:22:58 -0000

Hi Ted,

> On Aug 11, 2015, at 5:17 PM, Ted Hardie <ted.ietf@gmail.com> wrote:
> ​Actually, the point was made up-thread that if names below .onion change in their length, it is not clear how well software which is expecting a more usual DNS-style authority section for http URLs (or mailto URLs etc.) will work.

I can see the concern - for instance there is Mailpile, a MUA which implements an extension called “SMTorP” - shortcutting SMTP delivery using an end-to-end Onion connection between the MUAs of two people once it is established that both of them are running Mailpile.

I am not sure whether SMTorP is intended to make the Onion addresses “directly” available for mailto: URIs, but I want to note:

* Onion addresses at the moment are 16+”.onion” characters long, and derived URIs are of a legitimate DNS syntax by any measure
* There is plenty of speculation about how unspecified software may deal with them if/when they get longer
* The URI standard seems (as I wrote upstream) to be strict in capping the length of a URI at 255 chars
* ...and reads inconsistently regards the assumption of DNS as a name resolution service and whether that should be enforced.

Given the “special” - as in “special name” - nature of Tor, it seems likely that all intentional use of it will be "opt-in" by via software that is capable of dealing with its addressing scheme and any URIs associated with it.

Equally, any software not capable of dealing it, which stumbles across a “long” label or somesuch, should treat it as much as it should properly treat (ignore?) any URI which it is incapable of dealing with. e.g.: the fact that I insert a link such as the following in this e-mail, should not crash your browser:

http://a234567890123456789012345678901234567890123456789012345678901234567890.onion/hello <http://a234567890123456789012345678901234567890123456789012345678901234567890.onion/hello>.txt

If you are still reading this e-mail, your browser or mailer survived that illegally-long-yet-parsable label.

Software is pretty good at ignoring what it cannot deal with nowadays.


> ​So, RFC 6761 says this:
>     Similarly, if a domain name has special properties that affect the
>    way hardware and software implementations handle the name, that apply
>    universally regardless of what network the implementation may be
>    connected to, then that domain name may be a candidate for having the
>    IETF declare it to be a Special-Use Domain Name and specify what
>    special treatment implementations should give to that name.
> ​ ​It is abundantly clear that software implementations handling .onion addresses should behave differently from those handling standard DNS registrations.  But it is not currently within the IETF's ability to specify the special treatment in this case.  Note that I don't mean here specify "how TOR itself works", but to specify how this works when these names appear inside other contexts.

So, for my clarity, your concern is one of these two contexts:

(a) the bigger non-tor-enabled universe and how it behaves when encountering a perhaps-longer-than-expected label as part of the “Host” element of a URI?

Or perhaps...

(b) How the tor-enabled universe with its non-IETF-defined features will make use of IETF URI schemes (eg: mailto:) and yet one day may start using them in non-standard ways/creating non-standard URIs?


> Imagine for a moment that I run a service that delivers mail via TOR. While RFC 5321 does not contemplate .onion addresses, it does note that MX records may be resolvable with either v4 or v6.  What would actually break if someone put a .onion address in the MX record of a domain?

Well, strictly, I feel that if one can insert an MX record for a “special use” domain which IANA will not delegate (see earlier thread regarding IANA feedback for this draft) then perhaps there is a bigger issue at hand, viz: the ability to insert long junk records of any kind into an MX record - which would not be an issue caused by this draft.

To answer your question literally, I believe the answer would be someone receiving SMTP code 553 “You are attempting to send email to a domain that is not recognized by this server”.


> What would break if a later version onion address ceased to follow DNS syntax for labels below .onion itself?

That’s a good question that seems to assume (lack of) good faith of the Tor community to want to interoperate with the internet as a whole; given the actual challenge at hand - which I can sketch as “the tor onion community are trying to use the HTTP/S schemes in URIs” - it seems pretty plausible that transparent interoperability is actually their goal, though of course I can’t speak for all Tor users everywhere.

Some of them may want to innovate, perhaps (in wild, nostalgic, hypothetical speculation) we will see a renaissance of UUCP bangpaths over some Onion-aware e-mailer; wouldn’t that be exciting and innovative?

But I wouldn’t want to pre-emptively squelch such an innovation for fear of how Outlook would cope if and when it encountered something like:

mailto:…!mcsun!ukc!aber!aem (this was one of my e-mail addresses in 1991)

…because Outlook would not be the target audience for such a feature.

I believe that one of the underlying principles of HTML is that “if you don’t understand something, ignore it”, and this behaviour (ignoring this bangpath scheme) seems okay to me. Or punting it.  Whichever.


> The answer to question 1 and question 2 may be very, very different.
> 
> As I said in a previous thread, I think the IETF didn't do a good job in setting up this registry, and I think we're actually talking about two very different things.  One is "special use DNS names" and the other is "names in other namespaces than the DNS".  I think the first one we have our hands around.  There's a huge potential range in that second category, but the more a namespace outside of the DNS tries to share contexts with the DNS (like URL contexts), the messier it is going to get.  Honestly, I worry folks will assume from seeing a namespace in one DNS-like context that it can go into others, and that it will break more than that namespace.

To me this provides all the more reason, in this popular, million-plus user special case, to put it on a proper footing as a special name, adopt IANA’s suggestion of not delegating it but annotating its special nature clearly so that CA/B-Forum will bless SSL certificates for it, and through awareness learn how to find a middle ground that is acceptable to all.

I am sympathetic. I have lived in a world of dual namespaces.  Another of my old e-mail addresses was:

aem%uk.ac.aber@nsfnet-relay.ac.uk

For those who don’t recall, the UK academic network was once X.25 not TCP/IP, and had an addressing scheme which ran right to left; and it was a good day when the UK JANET network finally dumped bigendianism and all hostnames (for good or ill) ran from left to right.

BUT: again, to reiterate:

1) Onion address spaces are currently utterly DNS “compliant”, except for having a currently unofficial rightmost label.

...and...

2) All forward-looking statements about them are speculation, but practically the most likely thing to happen to them is that they will get longer.


Regarding label length, I find it really interesting to note that the Tor draft discussion document for future onion addresses / hidden services cites examples thusly:


https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt <https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt>
>    And a new name following this specification might look like:
> 
>         a1uik0w1gmfq3i5ievxdm9ceu27e88g6o7pe0rffdw9jmntwkdsd.onion


…where the longest label is *53* characters long, still well within the bounds of DNS legality (63) and yet leaving 10 characters grace for padding hyphens, or something.

But for some reason we are still arguing about future speculation and what “might” happen.

Honestly, I wonder why *that* is?


> Holding up the registration of .onion does not help that, of course, but I hope it helps you understand why we are looking for more detail than "this external pointer to a changeable specification should be enough.”


Concern for standardisation is important and good; so is general adherence to standards, especially in spirit.

I hope that neither is ever constructed by IETF in order to proactively brake innovation or change, especially where good faith is evident.

    - alec (mailto:aem%aber@ukacrl.bitnet <mailto:aber@ukacrl.bitnet> - in 1991)

—
Alec Muffett
Security Infrastructure
Facebook Engineering
London

v2.23.0 | Report a Bug | By Email