[cabfpub] .onion and .exit

Jeremy.Rowley jeremy.rowley at digicert.com
Thu Oct 23 23:24:32 UTC 2014

Thanks Adam. That's my thought as well. If it was any other internal
name other than onion, I wouldn't mention it. However, if supporting
.onion shows support for Tor and what they are doing, I think it'd be
worth looking at how we can carve out an exception. As for the
"slippery-slope" argument, I'd say we have to evaluate them on a
case-by-case basis (meaning they'll all be one-off hacks). If another
browser/community developed similar features as Tor with goals equally
as valid (in my eyes), then I'd support them too. I'm not aware of any
that fit these criteria though.


On 10/23/2014 4:52 PM, Adam Langley wrote:
> On Thu, Oct 23, 2014 at 3:11 PM, Jeremy.Rowley
> <jeremy.rowley at digicert.com> wrote:
>> Thanks Ryan.  Adam didn't seem as strongly opposed as you are in this email.
>> Also, Adam was going to reach out to Tor and get them to provide input.  Is
>> that still happening?
>
> I did point them at this thread. I'm guessing that they have lots to
> do I'm afraid.
>
> Issuing in a non-IANA domain is not to be done lightly and is against
> the Baseline currently. However, I don't agree that this is
> intrinsically the same as internal names since a specific onion
> address does globally, uniquely identify someone. It is something that
> could, plausibly, have a certificate.
>
> But if .onion is ok, what about all the other pseudo-TLDs that people
> use? If Tor want this then I wonder that they might need to support,
> say, onion.torproject.org in order to root it correctly in IANA space.
> Then it's a change to the Baseline validation rules, which is still a
> one-off hack, but I like Tor so I don't discount it out of hand.
>
> But without Tor fighting for it I'm not sure that there's much hope.
>
> Cheers
