On 15 Jul 2015, at 5:37, David Conrad wrote:
I try to be pragmatic. Given I do not believe that refusing to put
ONION in the special names registry will stop the use of .ONION, the
size of the installed base of TOR implementations, and the
implications of the use of that string in certificates, I supporting
moving ONION to the special names registry. I really (really) wish
there was more concrete, objective metrics (e.g., size of installed
base or some such), but my gut feeling is that TOR is pretty well
deployed and given the CAB Forum stuff, I see no particular reason to
delay (after all, it's not like the deployed base of TOR is likely to
get smaller).
I don't see any mention of the CAB Forum stuff in the draft. Has anyone
done the analysis to see if CAB Forum members really will issue certs to
.onion addresses if we do this? Do they issue certs for .example or
.local today?
If certificate issuance is one of the key drivers for this work, there
needs to be information in the draft that shows that this approach will
work.
--
Joe Hildebrand