The ".onion" Special-Use Domain Name
RFC 7686

Document Type RFC - Proposed Standard (October 2015; No errata)
Last updated 2015-10-23
Replaces draft-appelbaum-dnsop-onion-tld
Stream IETF
Formats plain text pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Document shepherd Tim Wicinski
Shepherd write-up Show (last changed 2015-06-20)
IESG IESG state RFC 7686 (Proposed Standard)
Consensus Boilerplate Yes
Telechat date
Responsible AD Joel Jaeggli
Send notices to (None)
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
Internet Engineering Task Force (IETF)                      J. Appelbaum
Request for Comments: 7686                         The Tor Project, Inc.
Category: Standards Track                                     A. Muffett
ISSN: 2070-1721                                                 Facebook
                                                            October 2015

                  The ".onion" Special-Use Domain Name

Abstract

   This document registers the ".onion" Special-Use Domain Name.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7686.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Appelbaum & Muffett          Standards Track                    [Page 1]
RFC 7686                         .onion                     October 2015

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Notational Conventions  . . . . . . . . . . . . . . . . .   3
   2.  The ".onion" Special-Use Domain Name  . . . . . . . . . . . .   3
   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   5.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     5.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     5.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .   6
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   The Tor network [Dingledine2004] has the ability to host network
   services using the ".onion" Special-Use Top-Level Domain Name.  Such
   names can be used as other domain names would be (e.g., in URLs
   [RFC3986]), but instead of using the DNS infrastructure, .onion names
   functionally correspond to the identity of a given service, thereby
   combining location and authentication.

   .onion names are used to provide access to end to end encrypted,
   secure, anonymized services; that is, the identity and location of
   the server is obscured from the client.  The location of the client
   is obscured from the server.  The identity of the client may or may
   not be disclosed through an optional cryptographic authentication
   process.

   .onion names are self-authenticating, in that they are derived from
   the cryptographic keys used by the server in a client-verifiable
   manner during connection establishment.  As a result, the
   cryptographic label component of a .onion name is not intended to be
   human-meaningful.

   The Tor network is designed to not be subject to any central
   controlling authorities with regards to routing and service
   publication, so .onion names cannot be registered, assigned,
   transferred or revoked.  "Ownership" of a .onion name is derived
   solely from control of a public/private key pair that corresponds to
   the algorithmic derivation of the name.

   In this way, .onion names are "special" in the sense defined by
   Section 3 of [RFC6761]; they require hardware and software
   implementations to change their handling in order to achieve the
   desired properties of the name (see Section 4).  These differences
   are listed in Section 2.

Appelbaum & Muffett          Standards Track                    [Page 2]
RFC 7686                         .onion                     October 2015

   Like Top-Level Domain Names, .onion names can have an arbitrary
   number of subdomain components.  This information is not meaningful
Show full document text