<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">Damn, Gerv replied before I could. I'll add a couple notes:</div><div class="gmail_quote"><br></div><div class="gmail_quote">On 13 February 2015 at 10:28, <a href="mailto:kirk_hall@trendmicro.com">kirk_hall@trendmicro.com</a> <span dir="ltr"><<a href="mailto:kirk_hall@trendmicro.com" target="_blank">kirk_hall@trendmicro.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p style="margin-left:.75in">•<span style="font-stretch:normal;font-size:7pt;font-family:'Times New Roman'">
</span><u></u>Tor does not want to apply for .onion as a TLD, and does not want to be the registrar for .onion [Why not? That would solve everything by making .onion a TLD, so all the current CA rules could apply. And remember, website users are
not looking for anonymity in their certs – they want EV certs with their identity displayed prominently in the browsers.]<br></p></div></div></blockquote><div><br></div><div>Tor will consider applying for .onion the next time the TLD rigamarole comes up. I don't believe you can just shoot off an application at this point, the process is closed until it is opened again, and no announcements on when that will be. (I could be wrong there, but that's my belief.) As Gerv said, it's strange and difficult to try and register for a generic term that you don't intend to actually process registrations for, that would not be publicly accessible. There was a big debate a few years ago I don't know the status of, but how would people feel if I wanted to register for [looks around the room, sees a picture frame] .frames and then never use it?</div><div><br></div><div>Anyway, besides all that, the application fee is $180K and that doesn't include the cost in terms of manpower (internal and external) to apply. If anyone is willing to sponsor the costs of doing so for a non-profit, Tor will be happy to chat.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p style="margin-left:.75in"><u></u><u></u></p>
<p style="margin-left:.75in">
<u></u><span>•<span style="font:7.0pt "Times New Roman"">
</span></span><u></u>The Tor process for assigning .onion domains does not require domains to be unique.</p></div></div></blockquote><div><br></div><div>Technically, no. The math makes it diminishingly small, but just on the verge of attackable. It's weak. We know. We're working on fixing it.</div><div><br></div><div>I would say; however, that while the Tor process for assigning .onion does not require domains to be unique - the CA issuance process can. These are going to be in Certificate Transparency logs, you can go look.</div><div><br></div><div>-tom</div></div></div></div>