In your letter dated 7 Apr 2016 21:26:51 -0000 you wrote:
>>Just because TOR asks for .onion doesn't mean it should be given it.
>
>The TOR project has been distributing software that special cases
>the .onion TLD for close to a decade.
>
>If the IETF said "you're wrong, go away", what exactly do you
>think they would do?

They would have been in serious trouble.

The problem with the special use registry is that it comes from a line of
thinking that as long as you properly partition the name space, all is fine.

I.e., names have no other properties than that they are either resolved in 
DNS or not.

For the tor project, onion names leaking into DNS is a problem. But it is not
clear if and when the current RFC will have any operational impact. It is more a
would be nice if DNS resolvers would filter onion.

There was no real risk that somebody would start using .onion or even that tor
users would be affected by such use.

There was however a really big issue, CAs were going to refuse DV certificates
for .onion because officially it did not exist.

Read for example, https://www.ietf.org/blog/2015/09/onion/

So the IETF, saying no we don't want this would have had an impact on this.

The IETF giving a stamp of approval on either a protocol or a name can have a
lot of impact because other (standards) organizations recognize the IETF as the
authority on this.

Adrien de Croy wrote:
"I understand the IETF is supposed to obtain consensus, but I didn't
"see anything in http WG on this until after the fact.  Special use
"names has wide-ranging repercussions.

This is in line with the concept that the special use register is only about
reserving the name. How this impacts users of the name space is essentially
not considered. See the rather poor treatment in RFC 7686.

To use the words 'protocol police'. Yes, the IETF is the protocol police. That's
its role in the internet. We can still refer to our documents as 'requests
for comments'. The outside world sees them as the official seal of approval
of the Internet's standards organization.

And in this sense, the IETF should only say yes to a naming protocol if 
it makes sense in the overall architecture of internet related software.
Explicitly considering the rather complex interaction between naming and
security in many applications (such as web browsers).

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
