Re: [DNSOP] Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

David Conrad <drc@virtualized.org> Wed, 15 July 2015 02:37 UTC

From: David Conrad <drc@virtualized.org>
In-Reply-To: <20150714205019.GA20641@sources.org>
Date: Tue, 14 Jul 2015 19:37:01 -0700
Message-Id: <93AA7CD2-DFC0-419C-9103-F39AA711BD79@virtualized.org>
References: <20150714192438.1138.96059.idtracker@ietfa.amsl.com> <CA+9kkMAz1ogcpWAdKaKTRm9f8sV4RO+TKu6aYB717D7+eM0bmw@mail.gmail.com> <20150714205019.GA20641@sources.org>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/FX4cuTVt__L0xzBzVk1l4MEWU0U>
Cc: dnsop <dnsop@ietf.org>, IETF <ietf@ietf.org>

> The whole point of this "registration" is to avoid leaks in the
> DNS (section 2 of the draft).

The listing of a string in the special names registry will, of course, not by itself cause leaks to be avoided. It may provide a facility for leaks to be avoided in the future.

>> This does not describe special handling _within the DNS_, but
>> instead removes a portion of the global namespace from the DNS at
>> all.
> 
> Same thing for RFC 6762 (which was the first application of RFC 6761,
> and nobody objected about it).

To put it bluntly, from a certain perspective, 6762 and dnsop-onion are essentially about the same thing: they are formalizing squatting on namespace (by Apple in the first instance and by TOR in the second). As such, I'm not sure 6762 is a good precedent to rely on.

I try to be pragmatic. Given I do not believe that refusing to put ONION in the special names registry will stop the use of .ONION, the size of the installed base of TOR implementations, and the implications of the use of that string in certificates, I support moving ONION to the special names registry. I really (really) wish there were more concrete, objective metrics (e.g., size of installed base or some such), but my gut feeling is that TOR is pretty well deployed and given the CAB Forum stuff, I see no particular reason to delay (after all, it's not like the deployed base of TOR is likely to get smaller).

Regards,
-drc
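As an added illustration (not part of this message or of the draft) of the "facility for leaks to be avoided" that a special-use registration is meant to enable: a guard at the name-resolution boundary that refuses to hand .onion names to DNS, plus a check over constructed resolver log lines that reports the .onion queries that did reach a resolver. The log format, the function names and the inclusion of the RFC 6762 `.local` suffix are assumptions made for this example.

```python
"""Hypothetical example: keep special-use names out of DNS and detect the
ones that slipped through. Not code from the thread or the draft."""
import re

# Suffixes this guard refuses to forward to DNS. "onion" is the subject of
# the thread; "local" (RFC 6762) is added here as an assumption.
SPECIAL_USE = {"onion", "local"}


def special_use_label(name: str):
    """Return the special-use TLD label if `name` falls under one, else None.
    Normalises case and a trailing root dot, so "Foo.Onion." matches."""
    labels = name.rstrip(".").lower().split(".")
    if labels and labels[-1] in SPECIAL_USE:
        return labels[-1]
    return None


def resolve_or_refuse(name: str, dns_lookup):
    """Call `dns_lookup` only for names that may legitimately go to DNS.
    Returns ("refused", label) for special-use names, else ("dns", result)."""
    label = special_use_label(name)
    if label is not None:
        return ("refused", label)  # never leaks the name to a resolver
    return ("dns", dns_lookup(name))


# Constructed resolver log lines (format assumed: client, qname, qtype).
SAMPLE_LOG = """\
client 192.0.2.10 query: example.com. A
client 192.0.2.11 query: abcdefghijklmnop.onion. A
client 192.0.2.12 query: printer.local. AAAA
client 192.0.2.13 query: notonion.example. A
client 192.0.2.14 query: ABCDEFGHIJKLMNOP.ONION. A
"""
LOG_RE = re.compile(r"client (\S+) query: (\S+) (\S+)")


def find_leaks(log_text: str):
    """Return (client, qname, label) for each logged query whose name is
    special-use: every such entry is a name that should not have reached DNS."""
    leaks = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        label = special_use_label(m.group(2))
        if label is not None:
            leaks.append((m.group(1), m.group(2), label))
    return leaks
```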