On Apr 14, 2015, at 1:02 PM, Warren Kumari <war...@kumari.net> wrote:
> 
> Hopefully one that will work for those folk who a: live in Europe and /
> or b: will be at DNS-OARC and the DNS track at RIPE...
> 
> Seeing as Interims are supposed to be announced >=30 days in the
> future I'm guessing not the 14th of May…

Hi All,

Per this topic, I have uploaded v-01 of draft-appelbaum-dnsop-onion-tld; 
differences are viewable at:

http://www.ietf.org/rfcdiff?url1=draft-appelbaum-dnsop-onion-tld-00&url2=draft-appelbaum-dnsop-onion-tld-01

…and the diff largely consists of some technical simplification, thanks & 
acknowledgements, and typos.

I would also like to take this opportunity to correct a timeline for the 
potential death of existing “.onion” TLD certificates in the instance that the 
“.onion” special use domain is not registered in the near-to-medium term; this 
correction arises from a misunderstanding on my part of the results of CA/B 
Forum Ballot 144, and is not a substantial error (off by one month) but I would 
like it to be clear for all interested parties.

  -a

== Summary ==

All “.onion” SSL certificates will be revoked if “.onion” is not approved as a 
special use TLD on/by November 1st 2015; if “.onion” is approved then the 
certificates will persist without action being required.

= Timeline =

== March 2014 ==

CA/B Forum approve Ballot 144, paving a route to “proper” SSL Certificates for 
Onion Sites

== Current Day Goes Here ==

Hello world.

== 1 May 2015 ==

All existing “.onion” SSL Certificates which were issued under the “local 
names” exception “must” be revoked by their issuer, the expectation being that 
the certificate holder will receive a new Ballot-144-compliant “EV” Onion 
certificate.  This is what I was not formerly clear regarding, and see below 
because...

== 1 October 2015 ==

The “Local Names” exception, under which SSL Onion certificates were originally 
issued, dies; this will doubly-kill all the Onion certificates, however the 
Ballot-144-compliant “EV” Onion certificates have until…

== 1 November 2015 ==

…which is the CA/B Forum “deadline” for IETF to approve “.onion” as a TLD; if 
“.onion” is not approved by this time then the certs will be “turned off” / 
killed by the certificate authorities.

—
Alec Muffett
Security Infrastructure
Facebook Engineering
London


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
