
Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

2015-07-14 15:17:00
On Tue, Jul 14, 2015 at 12:24 PM, The IESG <iesg-secretary(_at_)ietf(_dot_)org> 
wrote:


The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document:
- 'The .onion Special-Use Domain Name'
  <draft-ietf-dnsop-onion-tld-00.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf(_at_)ietf(_dot_)org mailing lists by 2015-08-11. Exceptionally, comments 
may be
sent to iesg(_at_)ietf(_dot_)org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract

This document uses the Special-Use Domain Names registry to register the
'.onion' Top Level Domain (TLD) for the Tor Network. This is deemed
necessary
for hosts on the ToR network to apply for and receive legitimate SSL
Certificates.


Speaking as an individual only, I do not believe that this request is
well-formed.  In May of 2000, the IAB of the time issued RFC 2826, which
provided a technical commentary on the value of the unique DNS root.  Among
its statements is this:

   The DNS fulfills an essential role within the Internet protocol
   environment, allowing network locations to be referred to using a
   label other than a protocol address.

I believe that .onion is, essentially, a way for structuring protocol
addresses so that they appear to be DNS names.  It does not conform to the
delegation model of the DNS, and it requires special knowledge on the part
of the handler to understand it.  The authors of the document propose to
register it in the DNS under the rubric of RFC 6761, which says:

   If it is determined that special handling of a name is required in
   order to implement some desired new functionality, then an IETF
   "Standards Action" or "IESG Approval" specification [RFC5226
<https://tools.ietf.org/html/rfc5226>] MUST be
   published describing the new functionality.

   The specification MUST state how implementations determine that the
   special handling is required for any given name.  This is typically
   done by stating that any fully qualified domain name ending in a
   certain suffix (i.e., falling within a specified parent pseudo-
   domain) will receive the special behaviour.  In effect, this carves
   off a sub-tree of the DNS namespace in which the modified name
   treatment rules apply, analogous to how IP multicast [RFC1112
<https://tools.ietf.org/html/rfc1112>] or IP
   link-local addresses [RFC3927
<https://tools.ietf.org/html/rfc3927>] [RFC4862
<https://tools.ietf.org/html/rfc4862>] carve off chunks of the IP
   address space in which their respective modified address treatment
   rules apply.


I do not believe this document is sufficient to describe the new
functionality; the primary description is actually in an informational
reference, [Dingledine2004]
<https://www.onion-router.net/Publications/tor-design.pdf>.  This does not
appear, at least to me, to meet the requirements set out in the
registration document.

Further, I believe this stretches the "special handling" requirement of RFC
6761 to the breaking point.  This does not describe special handling
_within the DNS_, but instead removes a portion of the global namespace
from the DNS at all.  To me, at least, this does not seem to meet the
analogy RFC 6761 provides to IP multicast ranges or local addresses.
Whether it is permitted or not by RFC 6761, it is a bad idea.

My opinion only,

Ted Hardie



The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/ballot/


No IPR declarations have been submitted directly on this I-D.



