draft-ietf-dnsop-alt-tld-07.txt   draft-ietf-dnsop-alt-tld-08.txt 
dnsop W. Kumari dnsop W. Kumari
Internet-Draft Google Internet-Draft Google
Intended status: Informational A. Sullivan Intended status: Informational A. Sullivan
Expires: August 5, 2017 Dyn Expires: September 4, 2017 Dyn
February 1, 2017 March 3, 2017
The ALT Special Use Top Level Domain The ALT Special Use Top Level Domain
draft-ietf-dnsop-alt-tld-07 draft-ietf-dnsop-alt-tld-08
Abstract Abstract
This document reserves a string (ALT) to be used as a TLD label in This document reserves a string (ALT) to be used as a TLD label in
non-DNS contexts, or for names that have no meaning in a global non-DNS contexts. It also provides advice and guidance to developers
context. It also provides advice and guidance to developers developing alternative namespaces.
developing alternate namespaces.
[Ed note: Text inside square brackets ([]) is additional background [Ed note: Text inside square brackets ([]) is additional background
information, answers to frequently asked questions, general musings, information, answers to frequently asked questions, general musings,
etc. They will be removed before publication.This document is being etc. They will be removed before publication. This document is
collaborated on in Github at: https://github.com/wkumari/draft- being collaborated on in Github at: https://github.com/wkumari/draft-
wkumari-dnsop-alt-tld. The most recent version of the document, open wkumari-dnsop-alt-tld. The most recent version of the document, open
issues, etc should all be available here. The authors (gratefully) issues, etc should all be available here. The authors (gratefully)
accept pull requests. NOTE: This document is currently a parked WG accept pull requests. ]
document -- as such, all changes are being handled in GitHub and a
new version will be posted once unparked.
It had been suggested (off-list) that the draft should contain <TBD>
instead of .ALT, and then make the WG choose a string before
publication. A version of the draft like this was published on
GitHub (https://github.com/wkumari/draft-wkumari-dnsop-alt-tld/
tree/7988fcf06100f7a17f21e6993b781690b5774472) (and generated no
feedback). This version reverts to .ALT -- the chairs stated that
the document was adopted with the string .alt, it has been discussed
as .alt. IMO, it is more readable as .alt; it would also be a
difficult consensus call, boiling down to beauty contests. If the WG
selects a different string ("not-dns" had been suggested in the
past), the editors will, of course, replace it. ]
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 5, 2017. This Internet-Draft will expire on September 4, 2017.
Copyright Notice Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 2
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3
2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Background . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. The ALT namespace . . . . . . . . . . . . . . . . . . . . . . 4 3. The ALT namespace . . . . . . . . . . . . . . . . . . . . . . 4
3.1. Choice of the ALT Name . . . . . . . . . . . . . . . . . 5 3.1. Choice of the ALT Name . . . . . . . . . . . . . . . . . 5
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
4.1. Domain Name Reservation Considerations . . . . . . . . . 5 4.1. Domain Name Reservation Considerations . . . . . . . . . 5
5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 5. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
7.1. Normative References . . . . . . . . . . . . . . . . . . 7 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
7.2. Informative References . . . . . . . . . . . . . . . . . 7 8.1. Normative References . . . . . . . . . . . . . . . . . . 7
8.2. Informative References . . . . . . . . . . . . . . . . . 8
Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 8 Appendix A. Changes / Author Notes. . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
Many protocols and systems need to name entities. Names that look Many protocols and systems need to name entities. Names that look
like DNS names (a series of labels separated with dots) have become like DNS names (a series of labels separated with dots) have become
common, even in systems that are not part of the global DNS common, even in systems that are not part of the global DNS
administered by IANA. administered by IANA. This document reserves the label "ALT" (short
for "Alternative") as a Special Use Domain ([RFC6761]). This label
This document reserves the label "ALT" (short for "Alternate") as a is intended to be used as the final (rightmost) label to signify that
Special Use Domain ([RFC6761]). This label is intended to be used as the name is not rooted in the DNS, and that should not be resolved
the final (rightmost) label to signify that the name is not rooted in using the DNS protocol.
the DNS, and that normal registration and lookup rules do not apply.
1.1. Requirements notation 1.1. Requirements notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
1.2. Terminology 1.2. Terminology
This document assumes familiarity with DNS terms and concepts. This document assumes familiarity with DNS terms and concepts.
Please see [RFC1034] for background and concepts, and [RFC7719] for Please see [RFC1034] for background and concepts, and [RFC7719] for
terminology. Readers are also expected to be familiar with the terminology. Readers are also expected to be familiar with the
discussions in [I-D.ietf-dnsop-sutld-ps] discussions in [I-D.ietf-dnsop-sutld-ps]
o DNS name: Domain names that are intended to be used with DNS o DNS name: Domain names that are intended to be used with DNS
resolution, either in the global DNS or in some other context resolution, either in the global DNS or in some other context
o DNS context: The namespace anchored at the globally-unique DNS o DNS context: The namespace anchored at the globally-unique DNS
root. This is the namespace or context that "normal" DNS uses. root. This is the namespace or context that "normal" DNS uses.
o non-DNS context: Any other (alternate) namespace. o non-DNS context: Any other (alternative) namespace.
o pseudo-TLD: A label that appears in a fully-qualified domain name o pseudo-TLD: A label that appears in a fully-qualified domain name
in the position of a TLD, but which is not registered in the in the position of a TLD, but which is not registered in the
global DNS. This term is in no way intended to be pejorative. global DNS. This term is not intended to be pejorative.
o TLD: The last visible label in either a fully-qualified domain o TLD: The last visible label in either a fully-qualified domain
name or a name that is qualified relative to the root. See the name or a name that is qualified relative to the root. See the
discussion in Section 2. discussion in Section 2.
2. Background 2. Background
The success of the DNS makes it a natural starting point for systems The success of the DNS makes it a natural starting point for systems
that need to name entities in a non-DNS context. that need to name entities in a non-DNS context.
In many cases, these systems build a DNS-style tree parallel to, but In many cases, these systems build a DNS-style tree parallel to, but
separate from, the global DNS. They often use a pseudo-TLD to cause separate from, the global DNS. They often use a pseudo-TLD to cause
resolution in the alternate namespace, using browser plugins, shims resolution in the alternative namespace, using browser plugins, shims
in the name resolution process, or simply applications that perform in the name resolution process, or simply applications that perform
special handling of this particular alternate namespace. An example special handling of this particular alternative namespace. An
of such a system is the Tor network's [Dingledine2004] use of the example of such a system is the Tor network's [Dingledine2004] use of
".onion" Special-Use Top-Level Domain Name (see [RFC7686]). the ".onion" Special-Use Top-Level Domain Name (see [RFC7686]).
In many cases, the creators of these alternative namespaces have In many cases, the creators of these alternative namespaces have
chosen a convenient or descriptive string and started using it. chosen a convenient or descriptive string and started using it.
These strings are not registered anywhere nor are they part of the These strings are not registered anywhere nor are they part of the
DNS. However, to users and to some applications they appear to be DNS. However, to users and to some applications they appear to be
TLDs; and issues may arise if they are looked up in the DNS. TLDs; and issues may arise if they are looked up in the DNS. This
document suggests that name resolution libraries (stub resolvers)
An alternate name resolution system might be specifically designed to recognize names ending in ".alt" as special, and not attempt to look
provide confidentiality of the looked up name, and to provide a them up using the DNS protocol in order to limit the effects of
distributed and censorship-resistant namespace. This goal would queries accidentally leaking into the DNS.
necessarily be defeated if the queries leak into the DNS, because the
attempt to look up the name would be visible to the operators of root
name servers at a minimum as well as to any entity viewing the DNS
lookups going to the root nameservers.
The techniques in this document are primarily intended to address the The techniques in this document are primarily intended to address the
"Experimental Squatting Problem", the "Land Rush Problem" and "Name "Experimental Squatting Problem", the "Land Rush Problem" and "Name
Collisions" issues discussed in [I-D.ietf-dnsop-sutld-ps] (whiich Collisions" issues discussed in [I-D.ietf-dnsop-sutld-ps] (which
contains much additional background, etc). contains much additional background, etc).
3. The ALT namespace 3. The ALT namespace
This document reserves the ALT label, using the [RFC6761] process, This document reserves the ALT label, using the [RFC6761] process,
for use as an unmanaged pseudo-TLD namespace. The ALT label MAY be for use as an unmanaged pseudo-TLD namespace. The ALT label MAY be
used in any domain name as a pseudo-TLD to signify that this is an used in any domain name as a pseudo-TLD to signify that this is an
alternate (non-DNS) namespace, and should not be looked up in a DNS alternative (non-DNS) namespace, and should not be looked up in a DNS
context. context.
Alternative namespaces should differentiate themselves from other Alternative namespaces should differentiate themselves from other
alternate namespaces by choosing a name and using it in the label alternative namespaces by choosing a name and using it in the label
position just before the pseudo-TLD (ALT). For example, a group position just before the pseudo-TLD (ALT). For example, a group
wishing to create a namespace for Friends Of Olaf might choose the wishing to create a namespace for Friends Of Olaf might choose the
string "foo" and use any set of labels under foo.alt. string "foo" and use any set of labels under foo.alt.
As they are in an alternative namespace, they have no significance in As names beneath ALT are in an alternative namespace, they have no
the regular DNS context and so should not be looked up in the DNS significance in the regular DNS context and so should not be looked
context. Some of these requests will inevitably leak into the DNS up in the DNS context.
context (for example, because of clicks on a link in a browser that
does not have a extension installed that implements the alternate
namespace resolution), and so the ALT TLD has been added to the
"Locally Served DNS Zones" ( [RFC6303]) registry to limit how far
these flow.
Groups wishing to create new alternate namespaces MAY create their Groups wishing to create new alternative namespaces may create their
alternate namespace under a label that names their namespace under alternative namespace under a label that names their namespace under
the ALT label. They SHOULD choose a label that they expect to be the ALT label. They should attempt to choose a label that they
unique and, ideally, descriptive. There is no IANA controlled expect to be unique and, ideally, descriptive. There is no IANA
registry for names under the ALT TLD - it is an unmanaged namespace, registry for names under the ALT TLD - it is an unmanaged namespace,
and developers are responsible for dealing with any collisions that and developers are responsible for dealing with any collisions that
may occur under .alt. Informal lists of namespaces under .alt may may occur under .alt. Informal lists of namespaces under .alt may
appear to assist the developer community. appear to assist the developer community.
[Editor note (to be removed before publication): There was [Editor note (to be removed before publication): There was
significant discussion on an IANA registry for the ALT namespace - significant discussion on an IANA registry for the ALT namespace -
please consult the lists for full thread, but the consensus was that please consult the lists for full thread, but the consensus was that
it would be better for the IETF / IANA to not administer a registry it would be better for the IETF / IANA to not administer a registry
for this. It is expected one or more unofficial lists will be for this. It is expected one or more unofficial lists will be
skipping to change at page 5, line 34 skipping to change at page 5, line 18
order for this technique to be effective the names need to continue order for this technique to be effective the names need to continue
to follow both the DNS format and conventions (a prime consideration to follow both the DNS format and conventions (a prime consideration
for alternative name formats is that they can be entered in places for alternative name formats is that they can be entered in places
that normally take DNS context names); this rules out using suffixes that normally take DNS context names); this rules out using suffixes
that do not follow the usual letter, digit, and hyphen label that do not follow the usual letter, digit, and hyphen label
convention. convention.
4. IANA Considerations 4. IANA Considerations
The IANA is requested to add the ALT string to the "Special-Use The IANA is requested to add the ALT string to the "Special-Use
Domain Name" registry ([RFC6761], and reference this document. In Domain Name" registry ([RFC6761], and reference this document.
addition, the "Locally Served DNS Zones" ([RFC6303]) registry should
be updated to reference this document.
4.1. Domain Name Reservation Considerations 4.1. Domain Name Reservation Considerations
This section is to satisfy the requirement in Section 5 of RFC6761. This section is to satisfy the requirement in Section 5 of RFC6761.
The domain "alt.", and any names falling within ".alt.", are special The string ".alt." (and names ending with the string .alt) are
in the following ways: special in the following ways:
1. Human users are expected to know that strings that end in .alt 1. Users are expected to know that strings that end in .alt behave
behave differently to normal DNS names. Users are expected to differently to normal DNS names. Users are expected to have
have applications running on their machines that intercept applications running on their machines that intercept strings of
strings of the form <namespace>.alt and perform special handing the form <namespace>.alt and perform special handing of them. If
of them. If the user tries to resolve a name of the form the user tries to resolve a name of the form <namespace>.alt
<namespace>.alt without the <namespace> plugin installed, the without the <namespace> plugin installed, the request will leak
request will leak into the DNS, and receive a negative response. into the DNS, receive a negative response, and the resolution
will fail.
2. Writers of application software that implement a non-DNS 2. Writers of application software that implement a non-DNS
namespace are expected to intercept names of the form namespace are expected to intercept names of the form
<namespace>.alt and perform application specific handing with <namespace>.alt and perform application specific handing with
them. Other applications are not intended to perform any special them. Other applications are not required to perform any special
handing. handing (but may choose to provide helpful informational messages
if able).
3. Writers of name resolution APIs and libraries which operate in 3. Writers of name resolution APIs and libraries which operate in
the DNS context should not attempt to look these names up in the the DNS context should not attempt to look these names up in the
DNS. If developers of other namespaces implement their namespace DNS. If developers of other namespaces implement their namespace
through a "shim" or library, they will need to intercept and through a "shim" or library, they will need to intercept and
perform their own handling. perform their own handling.
4. Caching DNS servers SHOULD recognize these names as special and 4. Caching DNS servers SHOULD NOT recognize these names as special
SHOULD NOT, by default, attempt to look up NS records for them, and should not perform any special handling with them.
or otherwise query authoritative DNS servers in an attempt to
resolve these names. Instead, caching DNS servers SHOULD
generate immediate negative responses for all such queries.
5. Authoritative DNS servers SHOULD recognize these names as special 5. Authoritative DNS servers SHOULD NOT recognize these names as
and SHOULD, by default, generate immediate negative responses for special and should not perform any special handling with them.
all such queries, unless explicitly configured by the
administrator to give positive answers for private-address
reverse-mapping names.
6. DNS server operators SHOULD be aware that queries for names 6. DNS server operators SHOULD be aware that queries for names
ending in .alt are not DNS names, and were leaked into the DNS ending in .alt are not DNS names, and were leaked into the DNS
context (for example, by a missing browser plugin). This context (for example, by a missing browser plugin). This
information may be useful for support or debugging purposes. information may be useful for support or debugging purposes.
7. DNS Registries/Registrars MUST NOT grant requests to register 7. DNS Registries/Registrars MUST NOT grant requests to register
"alt" names in the normal way to any person or entity. These ".alt" names in the normal way to any person or entity. These
"alt" names are defined by protocol specification to be ".alt" names are defined by protocol specification to be
nonexistent, and they fall outside the set of names available for nonexistent, and they fall outside the set of names available for
allocation by registries/registrars. allocation by registries/registrars.
5. Security Considerations [ Ed note: The above list (esp. 4 and 5) was changed between version
-07 and -08, and instruction to add .ALT to the "Locally Served
Zones" registry was removed. This was in response to discussions in
the DNSOP Interim Meeting (2017-02) and discussions on the DNSOP list
on "correct" behavior of leaking .alt queries and the interaction
with DNSSEC. This topic generated in excess of 160 dense emails, but
the summary was that that A: these are not DNS names (similar to
.onion), and B: a delegation would need to be inserted in the ICANN/
IANA root zone in order to avoid SERVFAIL responses if this were
added to "Locally Served". The consensus was that it is better to
not request adding this to Locally Served (and so avoiding having to
ask ICANN to create a process to create a "TLD" for the purposes of
insecure delegation). ]
5. Privacy Considerations
This document reserves ALT to be used to indicate that a name is not
a DNS name, and so should not attempt to be resolved using the DNS.
Unfortunately, these queries will undoubtedly leak into the DNS - for
example, a user may receive an email containing a hostname which
should be resolved using a specific resolution context (implemented
by a specific application or resolution mechanism). If the user does
not have that particular application installed (and their stub
resolver library has not been updated to ignore queries for names
ending in .alt), it is likely that this will instead be resolved
using the DNS. This DNS query will likely be sent to the configured
iterative resolver. If this resolver does not have a cache entry for
this name (or, if the resolver implements
[I-D.ietf-dnsop-nsec-aggressiveuse], a entry for .alt) this query
will likely be sent to the DNS root servers. This exposes the
(leaked) query name to the operator of the resolver, the operator of
the queried DNS root server, and anyone watching queries along the
path. This is a general problem with alternative name spaces and not
confined to names ending in .alt.
6. Security Considerations
One of the motivations for the creation of the .alt pseudo-TLD is One of the motivations for the creation of the .alt pseudo-TLD is
that unmanaged labels in the managed root name space are subject to that unmanaged labels in the managed root name space are subject to
unexpected takeover. This could occur if the manager of the root unexpected takeover. This could occur if the manager of the root
name space decides to delegate the unmanaged label. Another name space decides to delegate the unmanaged label.
motivation for implementing the .alt namespace to increase user
privacy for those who do use alternate name resolution systems; it
would limit how far these queries leak (e.g if used on a system which
does not implement the alternate resolution system).
The unmanaged and "registration not required" nature of labels The unmanaged and "registration not required" nature of labels
beneath .alt provides the opportunity for an attacker to re-use the beneath .alt provides the opportunity for an attacker to re-use the
chosen label and thereby possibly compromise applications dependent chosen label and thereby possibly compromise applications dependent
on the special host name. on the special host name.
6. Acknowledgements 7. Acknowledgements
We would also like to thank Joe Abley, Mark Andrews, Marc Blanchet, We would like to thank Joe Abley, Mark Andrews, Marc Blanchet, John
John Bond, Stephane Bortzmeyer, David Cake, David Conrad, Patrik Bond, Stephane Bortzmeyer, David Cake, David Conrad, Steve Crocker,
Faltstrom, Olafur Gudmundsson, Bob Harold, Paul Hoffman, Joel Brian Dickson, Ralph Droms, Robert Edmonds, Patrik Faltstrom, Olafur
Jaeggli, Ted Lemon, Edward Lewis, George Michaelson, Ed Pascoe, Gudmundsson, Bob Harold, Paul Hoffman, Joel Jaeggli, Ted Lemon,
Arturo Servin, and Paul Vixie for feedback. Edward Lewis, John Levine, George Michaelson, Ed Pascoe, Jim Reid,
Arturo Servin, Paul Vixie, Suzanne Woolf for feedback.
Christian Grothoff was also very helpful. Christian Grothoff was also very helpful.
7. References 8. References
7.1. Normative References 8.1. Normative References
[RFC1034] Mockapetris, P., "Domain names - concepts and facilities", [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987, STD 13, RFC 1034, DOI 10.17487/RFC1034, November 1987,
<http://www.rfc-editor.org/info/rfc1034>. <http://www.rfc-editor.org/info/rfc1034>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/
RFC2119, March 1997, RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>. <http://www.rfc-editor.org/info/rfc2119>.
skipping to change at page 7, line 46 skipping to change at page 8, line 9
<http://www.rfc-editor.org/info/rfc6761>. <http://www.rfc-editor.org/info/rfc6761>.
[RFC7686] Appelbaum, J. and A. Muffett, "The ".onion" Special-Use [RFC7686] Appelbaum, J. and A. Muffett, "The ".onion" Special-Use
Domain Name", RFC 7686, DOI 10.17487/RFC7686, October Domain Name", RFC 7686, DOI 10.17487/RFC7686, October
2015, <http://www.rfc-editor.org/info/rfc7686>. 2015, <http://www.rfc-editor.org/info/rfc7686>.
[RFC7719] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS [RFC7719] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
Terminology", RFC 7719, DOI 10.17487/RFC7719, December Terminology", RFC 7719, DOI 10.17487/RFC7719, December
2015, <http://www.rfc-editor.org/info/rfc7719>. 2015, <http://www.rfc-editor.org/info/rfc7719>.
7.2. Informative References 8.2. Informative References
[Dingledine2004] [Dingledine2004]
Dingledine, R., Mathewson, N., and P. Syverson, "Tor: The Dingledine, R., Mathewson, N., and P. Syverson, "Tor: The
Second-Generation Onion Router", , 8 2004, Second-Generation Onion Router", , 8 2004,
<<https://svn.torproject.org/svn/projects/design-paper/ <<https://svn.torproject.org/svn/projects/design-paper/
tor-design.html>>. tor-design.html>>.
[I-D.ietf-dnsop-nsec-aggressiveuse]
Fujiwara, K., Kato, A., and W. Kumari, "Aggressive use of
DNSSEC-validated Cache", draft-ietf-dnsop-nsec-
aggressiveuse-08 (work in progress), January 2017.
[I-D.ietf-dnsop-sutld-ps] [I-D.ietf-dnsop-sutld-ps]
Lemon, T., Droms, R., and W. Kumari, "Special-Use Names Lemon, T., Droms, R., and W. Kumari, "Special-Use Names
Problem Statement", draft-ietf-dnsop-sutld-ps-00 (work in Problem Statement", draft-ietf-dnsop-sutld-ps-02 (work in
progress), October 2016. progress), January 2017.
Appendix A. Changes / Author Notes. Appendix A. Changes / Author Notes.
[RFC Editor: Please remove this section before publication ] [RFC Editor: Please remove this section before publication ]
From -07 to -08:
o Made it clear that this is only for non-DNS.
o As per Interim consensus, removed the "add this to local zones"
text.
o Added a Privacy Considerations section
o Grammar fix -- "alternative" is more correct than "alternate",
replaced.
From -06 to -07: From -06 to -07:
o Rolled up the GItHub releases in to a full release. o Rolled up the GItHub releases in to a full release.
From -07.2 to -07.3 (GitHub point release): From -07.2 to -07.3 (GitHub point release):
Removed 'sandbox' at Stephane's suggestion - https://www.ietf.org/ Removed 'sandbox' at Stephane's suggestion - https://www.ietf.org/
mail-archive/web/dnsop/current/msg18495.html mail-archive/web/dnsop/current/msg18495.html
Suggested (in 4.1 bullet 3) that DNS libraries ignore these -- Bob Suggested (in 4.1 bullet 3) that DNS libraries ignore these -- Bob
Harold - https://mailarchive.ietf.org/arch/msg/dnsop/ Harold - https://mailarchive.ietf.org/arch/msg/dnsop/
a_ruPf8osSzi_hCzCqOxYLXhYoA a_ruPf8osSzi_hCzCqOxYLXhYoA
Added some pointers to the SUTLD document. Added some pointers to the SUTLD document.
From -07.1 to -07.2 (Github point release): From -07.1 to -07.2 (Github point release):
o Reverted the <TBD> string (at request of chairs). o Reverted the <TBD> string (at request of chairs).
 End of changes. 38 change blocks. 
111 lines changed or deleted 129 lines changed or added

This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/