[cabfpub] Ballot 144 -.onion domains

Tom Ritter tom at ritter.vg
Fri Feb 13 16:52:43 UTC 2015 

Damn, Gerv replied before I could.  I'll add a couple notes:

On 13 February 2015 at 10:28, kirk_hall at trendmicro.com <
kirk_hall at trendmicro.com> wrote:

>  *                    Tor does not want to apply for .onion as a TLD, and
> does not want to be the registrar for .onion [Why not?  That would solve
> everything by making .onion a TLD, so all the current CA rules could
> apply.  And remember, website users are not looking for anonymity in their
> certs - they want EV certs with their identity displayed prominently in the
> browsers.]
>

Tor will consider applying for .onion the next time the TLD rigamarole
comes up. I don't believe you can just shoot off an application at this
point, the process is closed until it is opened again, and no announcements
on when that will be.  (I could be wrong there, but that's my belief.)  As
Gerv said, it's strange and difficult to try and register for a generic
term that you don't intend to actually process registrations for, that
would not be publicly accessible.  There was a big debate a few years ago I
don't know the status of, but how would people feel if I wanted to register
for [looks around the room, sees a picture frame] .frames and then never
use it?

Anyway, besides all that, the application fee is $180K and that doesn't
include the cost in terms of manpower (internal and external) to apply.  If
anyone is willing to sponsor the costs of doing so for a non-profit, Tor
will be happy to chat.


>  *                    The Tor process for assigning .onion domains does
> not require domains to be unique.
>

Technically, no.  The math makes it diminishingly small, but just on the
verge of attackable.  It's weak. We know. We're working on fixing it.

I would say; however, that while the Tor process for assigning .onion does
not require domains to be unique - the CA issuance process can.  These are
going to be in Certificate Transparency logs, you can go look.

-tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20150213/0aefc884/attachment-0003.html>

More information about the Public mailing list