Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

[Ted Lemon <ted.lemon@nominum.com>]

On 07/15/2015 05:42 AM, Edward Lewis wrote:
> As David says, .onion-names use is independent (to some extent) on whether
> "onion" is registered in the Special Use Domain Names registry.  What I am
> writing here isn't a statement about whether "onion" is to registered, but
> about the document applying for registration.

No, it's not independent, because .onion sites won't be able to get PKI 
certs if we don't do the allocation.
> The document defines the use of the name by referring to a couple of
> references, none of which appears to be published in a way that can be
> referenced except by URL.  Not to say that the documents seen are poorly
> written, still there's no evidence of peer review nor stable reference
> point.
We discussed this at length in the working group, in which I believe you 
participate.   It is clearly understood that TOR is effectively an SDO 
that has defined a standard using their own system of publication and 
their own standardization methodology, which is different than the 
IETF's methodology for very good reasons. Requiring another SDO to 
follow IETF process in order to get an allocation of this type doesn't 
make sense and isn't required by the governing standard.

> The document also shows no evidence of the deployment of the use of the
> names below "onion."  In David's email, and in others, there are comments
> regarding an "installed base".
Are you claiming that there is not widespread deployment of TOR? There 
was no controversy in the working group on this question: nobody there 
claimed that TOR wasn't sufficiently widely deployed to justify allocation.
> I really believe that for DNS elements, there should be no change.  By
> intent, the onion names are not to be presented to the DNS by what's in
> category 2 and 3 (Applications and Name Resolution API's respectively).  I
> see placing any requirement on DNS elements - and by that I mean the
> software used to implement the DNS standard - as a bad idea, under the
> heading of "permanent fix to a temporary situation."  (I.e., Tor may not
> be permanent, if it is, as software matures onion names will not be in DNS
> queries.)

I think this is a reasonable position to take, with one exception. I 
think it's fine for the document to make recommendations about what name 
servers and the root should do, but it's not our place to make 
requirements, nor do I think it's necessary.   However, it would be very 
beneficial for host implementations to special case .onion, as some 
hosts do for .local now.   When hosts fail to apply appropriate special 
case handling for .local, it creates operational annoyances, to no 
benefit.   In the case of .onion, it creates a privacy problem.   So I 
don't mind this text as much as you do, but I do wonder if we'll 
actually see widespread implementation of such requirements.
> I'm agreeing with Ted in that this application is insufficient.

Whoa there, cowboy!   I didn't say it was insufficient.   I proposed 
changes to the text that I think would result in it better expressing 
what I think was intended.

And also, please don't call it an application.   It is an internet 
draft, which has passed working group last call, and is in IETF last 
call.   An application would be something that would be handled by the 
IESG, through the instrumentality of the IANA.