The ".onion" Special-Use Domain Name

RFC 7686

Internet Engineering Task Force (IETF) J. Appelbaum Request for Comments: 7686 The Tor Project, Inc. Category: Standards Track A. Muffett ISSN: 2070-1721 Facebook October 2015 The ".onion" Special-Use Domain Name Abstract This document registers the ".onion" Special-Use Domain Name. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7686. Copyright Notice Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Appelbaum & Muffett Standards Track [Page 1] RFC 7686 .onion October 2015 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 2. The ".onion" Special-Use Domain Name . . . . . . . . . . . . 3 3. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . 4 5. References . . . . . . . . . . . . . . . . . . . . . . . . . 5 5.1. Normative References . . . . . . . . . . . . . . . . . . 5 5.2. Informative References . . . . . . . . . . . . . . . . . 6 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction The Tor network [Dingledine2004] has the ability to host network services using the ".onion" Special-Use Top-Level Domain Name. Such names can be used as other domain names would be (e.g., in URLs [RFC3986]), but instead of using the DNS infrastructure, .onion names functionally correspond to the identity of a given service, thereby combining location and authentication. .onion names are used to provide access to end to end encrypted, secure, anonymized services; that is, the identity and location of the server is obscured from the client. The location of the client is obscured from the server. The identity of the client may or may not be disclosed through an optional cryptographic authentication process. .onion names are self-authenticating, in that they are derived from the cryptographic keys used by the server in a client-verifiable manner during connection establishment. As a result, the cryptographic label component of a .onion name is not intended to be human-meaningful. The Tor network is designed to not be subject to any central controlling authorities with regards to routing and service publication, so .onion names cannot be registered, assigned, transferred or revoked. "Ownership" of a .onion name is derived solely from control of a public/private key pair that corresponds to the algorithmic derivation of the name. In this way, .onion names are "special" in the sense defined by Section 3 of [RFC6761]; they require hardware and software implementations to change their handling in order to achieve the desired properties of the name (see Section 4). These differences are listed in Section 2. Appelbaum & Muffett Standards Track [Page 2] RFC 7686 .onion October 2015 Like Top-Level Domain Names, .onion names can have an arbitrary number of subdomain components. This information is not meaningful to the Tor protocol, but can be used in application protocols like HTTP [RFC7230]. Note that .onion names are required to conform with DNS name syntax (as defined in Section 3.5 of [RFC1034] and Section 2.1 of [RFC1123]), as they will still be exposed to DNS implementations.