> On Mar 17, 2015, at 4:36 PM, Alec Muffett <al...@fb.com > <mailto:al...@fb.com>> wrote: > > Hi Ruben, > > As I think you’ll see from the document, in our seeking classification of > “.onion” in the “special use domains registry” under the terms governing that > space, I think it’s fair for me to say that NXDOMAIN is pretty much what > we’re shooting for. > > There are probably some edge cases to the argument which should be clarified > by more experienced DNSOP hands than I - Richard? - but overall I think we > are in agreement regarding that aspect of the outcome. > > As for the “alleged” nature of the time-sensitivity, may I please direct your > attention to: > > https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names/ > <https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names/> > > …specifically: > > “Effective 1 October 2016, CAs SHALL revoke all unexpired Certificates whose > subjectAlternativeName extension or Subject commonName field contains a > Reserved IP Address or Internal Name.” > > …which I think would best be described as a “concrete” rather than “alleged” > time sensitivity.
The ballot explicitly calls .onion an specified non-internal name, so whether the IETF defines that as non-delegatable doesn't really seem to matter to CA/B Forum, does it ? Rubens
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
