Considering .onion is a non-resolving TLD, how would a CA issue a certificate for a .onion name when they can't verify whether the requester is the administrator of that service? DV certificates can use lots of mechanisms to verify that, but is one of them feasible for CAs to use?

Rubens

> On 16/03/2015, at 19:16:000, Jacob Appelbaum <ja...@appelbaum.net> wrote:
>
> Hi,
>
> I realized after uploading that I hadn't sent this along for discussion.
>
> Hopefully it is a topic of discussion in Dallas. Tor's onion names
> are widely deployed and used by lots of folks all around the world.
> Our deployment size isn't news or really much of a discussion point -
> rather, I'm primarily concerned about users who have certificates
> issued to .onion names. Our Special Use Domain Name for consideration
> is directly related to things happening in the CAB forum. The CAB
> Forum context is here:
> https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names/
> - most importantly is the date October 1st. On that date we'll have a
> death day for currently issued certificates with .onion names. This
> makes the onion name issue rather time sensitive and without further
> action, some stuff will likely break.
>
> The draft announcement is here:
>
> ---------- Forwarded message ----------
>> From: internet-dra...@ietf.org
>> Date: Fri, 06 Mar 2015 17:25:10 -0800
>> Subject: New Version Notification for draft-appelbaum-dnsop-onion-tld-00.txt
>> To: Jacob Appelbaum <ja...@appelbaum.net>, Alec Muffett <al...@fb.com>
>>
>>
>> A new version of I-D, draft-appelbaum-dnsop-onion-tld-00.txt
>> has been successfully submitted by Jacob Appelbaum and posted to the
>> IETF repository.
>>
>> Name: draft-appelbaum-dnsop-onion-tld
>> Revision: 00
>> Title: The .onion Special-Use Domain Name
>> Document date: 2015-03-05
>> Group: Individual Submission
>> Pages: 6
>> URL:
>> http://www.ietf.org/internet-drafts/draft-appelbaum-dnsop-onion-tld-00.txt
>> Status:
>> https://datatracker.ietf.org/doc/draft-appelbaum-dnsop-onion-tld/
>> Htmlized: http://tools.ietf.org/html/draft-appelbaum-dnsop-onion-tld-00
>>
>>
>> Abstract:
>> This document registers the ".onion" Special-Use Domain Name.
>
> All the best,
> Jacob
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop