On 16 July 2015 at 00:44, Joe Hildebrand <hildjj@xxxxxxxxxxx> wrote: > I don't see any mention of the CAB Forum stuff in the draft. Has anyone > done the analysis to see if CAB Forum members really will issue certs to > .onion addresses if we do this? Do they issue certs for .example or .local > today? Not only will they issue certificates .onion, but they will not be required to revoke the certificates they have _already_ issued, and are using happily. I know Facebook and Blockchain, a few certs for each, and maybe a third I'm forgetting. That will only go up over time. On the topics of metrics, indeed https://metrics.torproject.org/ is the place. You missed a zero though. It's 2 *million* directly connecting users/day on average, not 200K. On the topic of carrot, I would suggest .carrot.alt =) I would also ask about your user base. On the topic of TLD vs Special Use: Yes I can confirm we want a special use name, not a TLD. On the topic of reliable resource, https://gitweb.torproject.org/torspec.git/tree/ is a great URL, this is where we standardize our specifications and update them. Our process is different from the IETF, but there is one. rend-spec.txt in particular deals with .onion - but you would need to work with the rest of the specs to get that far. Barring operator accidents or some absurd explosion in DNS price, I expect torproject.org will live 40+ years reliably. It may not be as future-reliable as iana.org or ietf.org, but that URL, and/or "the torspec repository" is probably as reasonably reliable as any other offsite link. I support this draft. -tom