On Tue, Jul 14, 2015 at 12:24 PM, The IESG <iesg-secret...@ietf.org> wrote:
>
> The IESG has received a request from the Domain Name System Operations WG
> (dnsop) to consider the following document:
> - 'The .onion Special-Use Domain Name'
>   <draft-ietf-dnsop-onion-tld-00.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> i...@ietf.org mailing lists by 2015-08-11. Exceptionally, comments may be
> sent to i...@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
> This document uses the Special-Use Domain Names registry to register the
> '.onion' Top Level Domain (TLD) for the Tor Network. This is deemed
> necessary for hosts on the ToR network to apply for and receive legitimate
> SSL Certificates.
>

Speaking as an individual only, I do not believe that this request is well-formed.

In May of 2000, the IAB of the time issued RFC 2826, which provided a technical commentary on the value of the unique DNS root. Among its statements is this:

    The DNS fulfills an essential role within the Internet protocol environment, allowing network locations to be referred to using a label other than a protocol address.

I believe that .onion is, essentially, a way for structuring protocol addresses so that they appear to be DNS names. It does not conform to the delegation model of the DNS, and it requires special knowledge on the part of the handler to understand it.

The authors of the document propose to register it in the DNS under the rubric of RFC 6761, which says:

    If it is determined that special handling of a name is required in order to implement some desired new functionality, then an IETF "Standards Action" or "IESG Approval" specification [RFC5226 <https://tools.ietf.org/html/rfc5226>] MUST be published describing the new functionality.

    The specification MUST state how implementations determine that the special handling is required for any given name. This is typically done by stating that any fully qualified domain name ending in a certain suffix (i.e., falling within a specified parent pseudo-domain) will receive the special behaviour. In effect, this carves off a sub-tree of the DNS namespace in which the modified name treatment rules apply, analogous to how IP multicast [RFC1112 <https://tools.ietf.org/html/rfc1112>] or IP link-local addresses [RFC3927 <https://tools.ietf.org/html/rfc3927>] [RFC4862 <https://tools.ietf.org/html/rfc4862>] carve off chunks of the IP address space in which their respective modified address treatment rules apply.

I do not believe this document is sufficient to describe the new functionality; the primary description is actually in an informational reference, [Dingledine2004] <https://www.onion-router.net/Publications/tor-design.pdf>. This does not appear, at least to me, to meet the requirements set out in the registration document.

Further, I believe this stretches the "special handling" requirement of RFC 6761 to the breaking point. This does not describe special handling _within the DNS_, but instead removes a portion of the global namespace from the DNS at all. To me, at least, this does not seem to meet the analogy RFC 6761 provides to IP multicast ranges or local addresses. Whether it is permitted or not by RFC 6761, it is a bad idea.

My opinion only,

Ted Hardie

> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/ballot/
>
> No IPR declarations have been submitted directly on this I-D.
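The suffix rule RFC 6761 describes in the text quoted above, and its analogy to carved-off IP address ranges, as an added example that is not part of this message or of the draft: a label-aware special-use name check over a constructed subset of the Special-Use Domain Names registry, beside the address-scope checks Python's ipaddress module already provides. The registry table, and the decision to keep matching names off the global DNS, are assumptions made for the example.

```python
import ipaddress

# Constructed subset of the Special-Use Domain Names registry for this example,
# not the full registry: RFC 6761 registers localhost, test, example and
# invalid; RFC 6762 registers local; the draft under discussion would add onion.
SPECIAL_USE_SUFFIXES = {
    "onion": "draft-ietf-dnsop-onion-tld",
    "local": "RFC 6762",
    "localhost": "RFC 6761",
    "invalid": "RFC 6761",
    "example": "RFC 6761",
    "test": "RFC 6761",
}


def special_use_suffix(name):
    """Return (suffix, reference) for the registry entry a name falls under, or None.

    Matching is done label by label, as RFC 6761 describes ("ending in a
    certain suffix"), so 'onion.example.com' is an ordinary name while
    'Abc.ONION.' (absolute, any case) falls under .onion.
    """
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    # Try the longest candidate suffix first so multi-label entries would win
    # over a shorter parent entry if both were registered.
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in SPECIAL_USE_SUFFIXES:
            return suffix, SPECIAL_USE_SUFFIXES[suffix]
    return None


def lookup_or_special(name):
    """Decide whether a name may be handed to the global DNS at all.

    Returns ('dns', name) for ordinary names, or ('special', suffix, reference)
    for names whose handling is defined outside the DNS delegation model.
    """
    hit = special_use_suffix(name)
    if hit:
        return ("special",) + hit
    return ("dns", name)


def special_address_scope(ip):
    """The address-space side of the analogy: multicast (RFC 1112) and
    link-local (RFC 3927 / RFC 4862) ranges are carved off by prefix."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "multicast"
    if addr.is_link_local:
        return "link-local"
    return "global"
```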
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop