[cabfpub] .onion and .exit

Jeremy.Rowley jeremy.rowley at digicert.com
Thu Oct 23 16:27:28 MST 2014


I completely agree.  Until we hear from Tor and other interested 
parties, there isn't a need to formulate a ballot for the exception. 
However, assuming support is shown for Tor, would putting it in a lesser 
used SAN entry be the best place rather than creating a broader 
exception or using a different field?

Jeremy


On 10/23/2014 5:01 PM, Ryan Sleevi wrote:
>
> My comment was merely that it's not permitted under the BRs today, and 
> a ballot would need to change that.
>
> As Adam notes, it is possible to come up with unique identification 
> schemes, if the necessary steps are taken first (IANA registration and 
> a BR ballot among them).
>
> To support a ballot, demonstration of interest from the affected 
> parties would be needed.
>
> On Oct 23, 2014 3:52 PM, "Adam Langley" <agl at google.com> wrote:
>
>     On Thu, Oct 23, 2014 at 3:11 PM, Jeremy.Rowley
>     <jeremy.rowley at digicert.com> wrote:
>     > Thanks Ryan.  Adam didn't seem as strongly opposed as you are in
>     > this email.
>     > Also, Adam was going to reach out to Tor and get them to provide
>     > input.  Is that still happening?
>
>     I did point them at this thread. I'm guessing that they have lots to
>     do I'm afraid.
>
>     Issuing in a non-IANA domain is not to be done lightly and is against
>     the Baseline currently. However, I don't agree that this is
>     intrinsically the same as internal names since a specific onion
>     address does globally, uniquely identify someone. It is something that
>     could, plausibly, have a certificate.
>
>     But if .onion is ok, what about all the other pseudo-TLDs that people
>     use? If Tor want this then I wonder that they might need to support,
>     say, onion.torproject.org in order to root it correctly in IANA
>     space.
>     Then it's a change to the Baseline validation rules, which is still a
>     one-off hack, but I like Tor so I don't discount it out of hand.
>
>     But without Tor fighting for it I'm not sure that there's much hope.
>
>
>     Cheers
>
>     AGL
>
