Re: Last Call: <draft-ietf-dnsop-onion-tld-00.txt> (The .onion Special-Use Domain Name) to Proposed Standard

On Tue, Jul 14, 2015 at 12:24 PM, The IESG <iesg-secretary@xxxxxxxx> wrote:

The IESG has received a request from the Domain Name System Operations WG
(dnsop) to consider the following document:
- 'The .onion Special-Use Domain Name'
  <draft-ietf-dnsop-onion-tld-00.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2015-08-11. Exceptionally, comments may be
sent to iesg@xxxxxxxx instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract

This document uses the Special-Use Domain Names registry to register the
'.onion' Top Level Domain (TLD) for the Tor Network. This is deemed necessary
for hosts on the ToR network to apply for and receive legitimate SSL Certificates.


Speaking as an individual only, I do not believe that this request is well-formed.  In May of 2000, the IAB of the time issued RFC 2826, which provided a technical commentary on the value of the unique DNS root.  Among its statements is this:

   The DNS fulfills an essential role within the Internet protocol
   environment, allowing network locations to be referred to using a
   label other than a protocol address.

I believe that .onion is, essentially, a way for structuring protocol addresses so that they appear to be DNS names.  It does not conform to the delegation model of the DNS, and it requires special knowledge on the part of the handler to understand it.  The authors of the document propose to register it in the DNS under the rubric of RFC 6761, which says:

   If it is determined that special handling of a name is required in
   order to implement some desired new functionality, then an IETF
   "Standards Action" or "IESG Approval" specification [RFC5226] MUST be
   published describing the new functionality.

   The specification MUST state how implementations determine that the
   special handling is required for any given name.  This is typically
   done by stating that any fully qualified domain name ending in a
   certain suffix (i.e., falling within a specified parent pseudo-
   domain) will receive the special behaviour.  In effect, this carves
   off a sub-tree of the DNS namespace in which the modified name
   treatment rules apply, analogous to how IP multicast [RFC1112] or IP
   link-local addresses [RFC3927] [RFC4862] carve off chunks of the IP
   address space in which their respective modified address treatment
   rules apply.

I do not believe this document is sufficient to describe the new functionality; the primary description is actually in an informational reference, [Dingledine2004].  This does not appear, at least to me, to meet the requirements set out in the registration document.

Further, I believe this stretches the "special handling" requirement of RFC 6761 to the breaking point.  This does not describe special handling _within the DNS_, but instead removes a portion of the global namespace from the DNS at all.  To me, at least, this does not seem to me to meet the analogy RFC 6761 provides to IP multicast ranges or local addresses.   Whether it is permitted or not by RFC 6761, it is a bad idea.

My opinion only,

Ted Hardie

 
The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/ballot/


No IPR declarations have been submitted directly on this I-D.




