
Re: [DNSOP] Last Call: <draft-ietf-dnsop-sutld-ps-05.txt> (Special-Use Domain Names Problem Statement) to Informational RFC

2017-06-12 10:00:57
On Mon, Jun 12, 2017 at 03:52:00PM +0200, Stephane Bortzmeyer wrote:
> On Tue, Jun 06, 2017 at 01:17:55PM -0700,
>  The IESG <iesg-secretary(_at_)ietf(_dot_)org> wrote
>  a message of 42 lines which said:
>
> > The IESG has received a request from the Domain Name System
> > Operations WG (dnsop) to consider the following document: -
> > 'Special-Use Domain Names Problem Statement'
> > <draft-ietf-dnsop-sutld-ps-05.txt> as Informational RFC
>
> For an issue which is quite contentious and sensitive, I think there
> are some points in the document that deserve a change.
>
> Biggest point: the IESG decided to freeze the RFC 6761 process
> <https://www.ietf.org/blog/2015/09/onion/>. I regret this decision (RFC
> 6761 is still in force, it has not been deprecated or updated) and,
> unfortunately, registration of new Special-Use Domain Names is now
> impossible (pending an action on RFC 6761 that will probably never
> come). So, de facto, a regular process has been shut down, leaving the
> IETF without a possibility to register these domain names.
>
> * Section 4.2.2 says "the fact of its unilateral use by The Tor
> Project without following the RFC 6761 process" The onion TLD was in
> use in Tor since 2004, nine years before the publication of RFC
> 6761. It is grossly unfair to reproach not following an unpublished
> RFC. It was mentioned a long time ago
> <https://mailarchive.ietf.org/arch/msg/dnsop/nr4ECaVw6PT09o2xdM3jrKllHBI>

----

OLD:
   The situation was somewhat forced, both by the fact of its unilateral
   use by The Tor Project without following the RFC 6761 process, and
   because a deadline had been set by the CA/Browser Forum
   [SDO-CABF-INT] after which all .onion PKI certificates would expire
   and no new certificates would be issued, unless the .onion
   Special-Use Top-Level Domain Name were to be recognized by the IETF.

NEW:
   The situation was somewhat forced, both by the fact that use of the
   .onion domain name by the Tor Project predates the process described
   in RFC 6761 by 9 years, and because a deadline [CABF-DEADLINE] had
   been set by the CA/Browser Forum [CABF] after which all PKI
   certificates for internal names would expire and no new certificates
   would be issued. At the time .onion was considered an internal name.
   IETF recognition of the .onion as a Special-Use Top-Level Domain Name
   facilitated the development of a certificate issuance process
   specific to .onion domain names [CABF-BALLOT144]. 

[CABF-DEADLINE] should link to https://www.digicert.com/internal-names.htm
[CABF] should link to https://cabforum.org/
[CABF-BALLOT144] should link to 
https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names/

----

I wasn't there, but reading ballot-144, some cabforum mails, and
https://blog.torproject.org/blog/landmark-hidden-services-onion-names-reserved-ietf
it appears to me that all parties involved were actively trying to fix a
long-standing broken situation.

Kind regards,

Job