[cabfpub] FW: Extension of period allowing .onion certificates

kirk_hall at trendmicro.com kirk_hall at trendmicro.com
Mon Nov 23 17:39:38 UTC 2015

Our existing rule only allows .onion certs to be issued “after (and only if) .onion is officially recognized by the IESG as a reserved TLD.”

Here is what IETF did – the RFC makes it pretty clear how the .onion domain may be used.

However, it is a “special-use” domain.  They also have “Policy Reserved Domains”


I know at least one CA was of the opinion that it can no longer issue .onion certs.

Maybe we should add an amendment to a future uncontroversial ballot (unless someone objects) to clear this up.

From: Ryan Sleevi [mailto:sleevi at google.com]
Sent: Monday, November 23, 2015 8:44 AM
To: Gervase Markham
Cc: Kirk Hall (RD-US); CABFPub (public at cabforum.org)
Subject: Re: [cabfpub] FW: Extension of period allowing .onion certificates

Agreed that I don't believe a ballot is necessary to extend or permit anything. We could put forth a ballot to clear up the language, but that would have no change on the functional issuance of such certificates, which are permitted under the current BRs indefinitely now that status has been granted.

On Mon, Nov 23, 2015 at 8:18 AM, Gervase Markham <gerv at mozilla.org<mailto:gerv at mozilla.org>> wrote:
On 22/11/15 21:08, kirk_hall at trendmicro.com<mailto:kirk_hall at trendmicro.com> wrote:
> Is this sufficient reason to authorize .onion permanently?

I didn't realise the authorization wasn't permanent; I thought it was
permanent conditional on IESG approval, which we now have. If that's not
the case, we should fix that, yes :-)


Public mailing list
Public at cabforum.org<mailto:Public at cabforum.org>

<table class="TM_EMAIL_NOTICE"><tr><td><pre>
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20151123/f9c7b4a6/attachment-0003.html>

More information about the Public mailing list