On Mon, Jun 12, 2017 at 03:52:00PM +0200, Stephane Bortzmeyer wrote: > On Tue, Jun 06, 2017 at 01:17:55PM -0700, > The IESG <iesg-secretary@xxxxxxxx> wrote > a message of 42 lines which said: > > > The IESG has received a request from the Domain Name System > > Operations WG (dnsop) to consider the following document: - > > 'Special-Use Domain Names Problem Statement' > > <draft-ietf-dnsop-sutld-ps-05.txt> as Informational RFC > > For an issue which is quite contentious and sensitive, I think there > are some points in the document that deserve a change. > > Biggest point: the IESG decided to freeze the RFC 6761 process > <https://www.ietf.org/blog/2015/09/onion/> I regret this decision (RFC > 6761 is still in force, it has not been deprecated or updated) and, > unfortunately, registration of new Special-Use Domain Names is now > impossible (pending an action on RFC 6761 that will probably never > come). So, de facto, a regular process has been shut down, leaving the > IETF without a possibility to register these domain names. > > > * Section 4.2.2 says "the fact of its unilateral use by The Tor > Project without following the RFC 6761 process" The onion TLD was in > use in Tor since 2004, nine years before the publication of RFC > 6761. It is grossly unfair to reproach not following an unpublished > RFC. It was mentioned a long time ago > <https://mailarchive.ietf.org/arch/msg/dnsop/nr4ECaVw6PT09o2xdM3jrKllHBI> ---- OLD: The situation was somewhat forced, both by the fact of its unilateral use by The Tor Project without following the RFC 6761 process, and because a deadline had been set by the CA/Browser Forum [SDO-CABF-INT] after which all .onion PKI certificates would expire and no new certificates would be issued, unless the .onion Special-Use Top-Level Domain Name were to be recognized by the IETF. NEW: The situation was somewhat forced, both by the fact that use of the .onion domain name by the Tor Project predates the process described in RFC 6761 by 9 years, and because a deadline [CABF-DEADLINE] had been set by the CA/Browser Forum [CABF] after which all PKI certificates for internal names would expire and no new certificates would be issued. At the time .onion was considered an internal name. IETF recognition of the .onion as a Special-Use Top-Level Domain Name facilitated the development of a certificate issuance process specific to .onion domain names [CABF-BALLOT144]. [CABF-DEADLINE] should link to https://www.digicert.com/internal-names.htm [CABF] should link to https://cabforum.org/ [CABF-BALLOT144] should link to https://cabforum.org/2015/02/18/ballot-144-validation-rules-dot-onion-names/ ---- I wasn't there, but reading ballot-144, some cabforum mails, and https://blog.torproject.org/blog/landmark-hidden-services-onion-names-reserved-ietf it appears to me that all parties involved were actively trying to fix a long standing broken situation. Kind regards, Job