Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard
Richard Barnes <rlb@ipv.sx> Thu, 16 July 2015 16:04 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A575E1A9117 for <ietf@ietfa.amsl.com>; Thu, 16 Jul 2015 09:04:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3zuHUUwyDgDs for <ietf@ietfa.amsl.com>; Thu, 16 Jul 2015 09:04:07 -0700 (PDT)
Received: from mail-vn0-f53.google.com (mail-vn0-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61DF31A9151 for <ietf@ietf.org>; Thu, 16 Jul 2015 09:04:04 -0700 (PDT)
Received: by vnbg190 with SMTP id g190so8521336vnb.2 for <ietf@ietf.org>; Thu, 16 Jul 2015 09:04:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=bYDKgptuN8F3rEdVyW8b5c1+Mh1gyYicgkjooIxhtMo=; b=YMkU+KNZOCUE+Wtead6bP5qj+OoVZhZsdcIzUnzpICPo+GBrlJVnUpChsboyZrr2Sq qStNiyBA7j4btashHCP55vdGSRjBnLUT6gZpsK6FvGgbmUaOSKu+BL83JKLkGb59nLXo kNtQajxa1c9bm3UrL9H8+WPW78M0IVuVNsJzCTJDDo5fq2DC+gzzRVA27nhHn4TzqDrP Rx2fHXT4c3fyylDz5J7QwiNnRKdtcpG3l/gLSKskQA5poSVHjyDFRCWRwo17q4i/xi0O NxF9sNU0pWtC6mMbi3v4iwDf7pmIh+diJgZMrAp1CuoeTAO2GUK3qDCkNyweEnYvOVhw jbrg==
X-Gm-Message-State: ALoCoQnuF+aoQg80K/xM5qNMK6JRKO7q7rw1dXKT/Hu8d/y+ptdZO0zhoLDNoaJee9aj5Z9oy9CS
MIME-Version: 1.0
X-Received: by 10.52.69.241 with SMTP id h17mr10846559vdu.68.1437062643673; Thu, 16 Jul 2015 09:04:03 -0700 (PDT)
Received: by 10.31.164.207 with HTTP; Thu, 16 Jul 2015 09:04:03 -0700 (PDT)
In-Reply-To: <CF44E5A4-B5CC-4D7A-BAD8-D2989AAC96BE@cursive.net>
References: <20150714192438.1138.96059.idtracker@ietfa.amsl.com> <CA+9kkMAz1ogcpWAdKaKTRm9f8sV4RO+TKu6aYB717D7+eM0bmw@mail.gmail.com> <20150714205019.GA20641@sources.org> <93AA7CD2-DFC0-419C-9103-F39AA711BD79@virtualized.org> <CF44E5A4-B5CC-4D7A-BAD8-D2989AAC96BE@cursive.net>
Date: Thu, 16 Jul 2015 18:04:03 +0200
Message-ID: <CAL02cgTf0hzeTiranKeUheMnUG9HjR897FwKAfPoufiFj=UW3g@mail.gmail.com>
Subject: Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard
From: Richard Barnes <rlb@ipv.sx>
To: Joe Hildebrand <hildjj@cursive.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/6ksouy7P1Mn_5z3sGr0WjlIEQoc>
Cc: dnsop <dnsop@ietf.org>, IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2015 16:04:08 -0000
On Thu, Jul 16, 2015 at 12:44 AM, Joe Hildebrand <hildjj@cursive.net> wrote: > On 15 Jul 2015, at 5:37, David Conrad wrote: > >> I try to be pragmatic. Given I do not believe that refusing to put ONION >> in the special names registry will stop the use of .ONION, the size of the >> installed base of TOR implementations, and the implications of the use of >> that string in certificates, I supporting moving ONION to the special names >> registry. I really (really) wish there was more concrete, objective metrics >> (e.g., size of installed base or some such), but my gut feeling is that TOR >> is pretty well deployed and given the CAB Forum stuff, I see no particular >> reason to delay (after all, it's not like the deployed base of TOR is likely >> to get smaller). > > > I don't see any mention of the CAB Forum stuff in the draft. Has anyone > done the analysis to see if CAB Forum members really will issue certs to > .onion addresses if we do this? Do they issue certs for .example or .local > today? There are at least a few CAs issuing for .onion right now, under the exceptions that are going to expire in a few months. So I assume that these CAs will be interested in issuing if policy allows. My understanding is that the basic requirement that CABF has is that a name either be clearly a valid DNS name or clearly *not* a valid DNS name. (And in either case, that the applicant be able to demonstrate control.) Right now, that's ambiguous. Adding .onion to the RFC 6761 registry would remove the ambiguity, since it would officially mark names under .onion as not DNS names. --Ricahrd > If certificate issuance is one of the key drivers for this work, there needs > to be information in the draft that shows that this approach will work. > > -- > Joe Hildebrand > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… George Michaelson
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Hardie
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Hardie
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… George Michaelson
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Stephane Bortzmeyer
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Stephane Bortzmeyer
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Hardie
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John Levine
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Randy Bush
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… David Conrad
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Patrik Fältström
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Patrik Fältström
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Stephane Bortzmeyer
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Stephane Bortzmeyer
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John C Klensin
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Patrik Fältström
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Hardie
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Patrik Fältström
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Lemon
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Hardie
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Lemon
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John C Klensin
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Hardie
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Bob Harold
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Edward Lewis
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Edward Lewis
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Edward Lewis
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Edward Lewis
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Joe Hildebrand
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Joe Hildebrand
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John Levine
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Mark Andrews
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John R Levine
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Patrik Fältström
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John C Klensin
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Tom Ritter
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Richard Barnes
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Eliot Lear
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Joseph Lorenzo Hall
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… joel jaeggli
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… joel jaeggli
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Richard Barnes
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Stephane Bortzmeyer
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Stephane Bortzmeyer
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Stephane Bortzmeyer
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Edward Lewis
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Eliot Lear
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Hardie
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… David Cake
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… David Cake
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… David Cake
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Eliot Lear
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Eliot Lear
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Andrew Sullivan
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Alec Muffett
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John C Klensin
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John C Klensin
- Re: the names that aren't DNS names problem, was … John Levine
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Lemon
- Re: domain names that aren't DNS names, was Last … John Levine
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… George Michaelson
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Geoff Huston
- Re: the names that aren't DNS names problem, was … Eliot Lear
- Re: the names that aren't DNS names problem, was … Suzanne Woolf
- Re: the names that aren't DNS names problem, was … George Michaelson
- Re: the names that aren't DNS names problem, was … Eliot Lear
- Re: the names that aren't DNS names problem, was … Suzanne Woolf
- Re: the names that aren't DNS names problem, was … Douglas Otis
- Re: the names that aren't DNS names problem, was … Eliot Lear
- Re: domain names that aren't DNS names, was Last … Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… George Michaelson
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Sam Hartman
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… John C Klensin
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… David Conrad
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Lemon
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Tim Wicinski
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Sam Hartman
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Lemon
- Weakness of DNS classes (was Re: Last Call: <draf… Andrew Sullivan
- Re: Weakness of DNS classes (was Re: Last Call: <… John C Klensin
- Re: domain names that are not DNS names, was Last… John Levine
- Re: domain names that are not DNS names, was Last… Ted Lemon
- Re: Weakness of DNS classes (was Re: Last Call: <… John Levine
- Re: Weakness of DNS classes (was Re: Last Call: <… David Morris
- Re: Weakness of DNS classes (was Re: Last Call: <… Mark Andrews
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Stephane Bortzmeyer
- Re: the names that aren't DNS names problem, was … Stephane Bortzmeyer
- Re: the names that aren't DNS names problem, was … George Michaelson
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Bob Harold
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… John C Klensin
- Re: the names that aren't DNS names problem, was … Stephane Bortzmeyer
- Re: the names that aren't DNS names problem, was … John Curran
- Re: the names that aren't DNS names problem, was … Ted Lemon
- Re: the names that aren't DNS names problem, was … John C Klensin
- Re: the names that aren't DNS names problem, was … Steve Crocker
- Re: the names that aren't DNS names problem, was … David Conrad
- Re: the names that aren't DNS names problem, was … Ted Lemon
- Re: the names that aren't DNS names problem, was … Dave Crocker
- Re: the names that aren't DNS names problem, was … John C Klensin
- Re: the names that aren't DNS names problem, was … Dave Crocker
- Re: the names that aren't DNS names problem, was … David Conrad
- Re: the names that aren't DNS names problem, was … Eliot Lear
- Re: the names that aren't DNS names problem, was … David Conrad
- Re: the names that aren't DNS names problem, was … Eliot Lear
- Re: the names that aren't DNS names problem, was … Donald Eastlake
- Re: the names that aren't DNS names problem, was … John Curran
- Re: the names that aren't DNS names problem, was … Richard Shockey
- Re: the names that aren't DNS names problem, was … Ted Lemon
- Re: the names that aren't DNS names problem, was … Ted Lemon
- Re: the names that aren't DNS names problem, was … John R Levine
- Re: the names that aren't DNS names problem, was … John Levine
- Re: the names that aren't DNS names problem, was … John Levine
- Re: the names that aren't DNS names problem, was … Ted Lemon
- Re: the names that aren't DNS names problem, was … Eliot Lear
- Re: the names that aren't DNS names problem, was … Patrik Fältström
- Re: the names that aren't DNS names problem, was … Patrik Fältström
- Re: the names that aren't DNS names problem, was … John R Levine
- Re: the names that aren't DNS names problem, was … Patrik Fältström
- Re: the names that aren't DNS names problem, was … John R Levine
- Re: the names that aren't DNS names problem, was … Patrik Fältström
- Re: the names that aren't DNS names problem, was … John C Klensin
- Re: the names that aren't DNS names problem, was … John Levine
- Re: the names that aren't DNS names problem, was … John C Klensin
- RE: the names that aren't DNS names problem, was … Christian Huitema
- RE: the names that aren't DNS names problem, was … John C Klensin
- Re: the names that aren't DNS names problem, was … Ted Lemon
- Re: the names that aren't DNS names problem, was … Andrew Sullivan
- Re: the names that aren't DNS names problem, was … Stephen Farrell
- Re: the names that aren't DNS names problem, was … Brian E Carpenter
- Re: the names that aren't DNS names problem, was … Ted Lemon
- Re: the names that aren't DNS names problem, was … John C Klensin
- Re: the names that aren't DNS names problem, was … Patrik Fältström
- Re: the names that aren't DNS names problem, was … John C Klensin
- Re: the names that aren't DNS names problem, was … Patrik Fältström
- Re: the names that aren't DNS names problem, was … John Levine
- Re: the names that aren't DNS names problem, was … Brian E Carpenter
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Wendy Seltzer
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Edward Lewis
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Edward Lewis
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Edward Lewis
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Alec Muffett
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Chris Baker
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Jacob Appelbaum
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Hardie
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Alec Muffett
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Ted Hardie
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Alec Muffett
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Joe Hildebrand
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Alec Muffett
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Mark Nottingham
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Alec Muffett
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Andrew Sullivan
- RE: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Darcy Kevin (FCA)
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Sam Hartman
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Peter Koch
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Alec Muffett
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Hardie
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Alec Muffett
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Hardie
- Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Roy T. Fielding
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Alec Muffett
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Ted Hardie
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Alec Muffett
- RE: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tl… Darcy Kevin (FCA)
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… Nick Mathewson
- Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt… George Michaelson
- Re: the names that aren't DNS names problem, was … Ted Lemon
- Re: the names that aren't DNS names problem, was … Dave Crocker