[cabfpub] .onion and .exit

Adam Langley agl at google.com
Thu Oct 23 22:52:12 UTC 2014

On Thu, Oct 23, 2014 at 3:11 PM, Jeremy.Rowley
<jeremy.rowley at digicert.com> wrote:
> Thanks Ryan.  Adam didn't see as strongly opposed as you are in this email.
> Also, Adam was going to reach out to Tor and get them to provide input.  Is
> that still happening?

I did point them at this thread. I'm guessing that they have lots to
do I'm afraid.

Issuing in a non-IANA domain is not to be done lightly and is against
the Baseline currently. However, I don't agree that this is
intrinsically the same as internal names since a specific onion
address does globally, uniquely identify someone. It is something that
could, plausibly, have a certificate.

But if .onion is ok, what about all the other pseudo-TLDs that people
use? If Tor want this then I wonder that they might need to support,
say, onion.torproject.org in order to root it correctly in IANA space.
Then it's a change to the Baseline validation rules, which is still a
one-off hack, but I like Tor so I don't discount it out of hand.

But without Tor fighting for it I'm not sure that there's much hope.



More information about the Public mailing list