# 2024-04-18 Improve Security for .rs Domains

This project migrates the `.rs` domains of the Rust Project to a different registrar and sets up alternatives where it makes sense.

## Context

The Infrastructure Team currently owns and manages four domains under the `.rs` TLD:

- `areweasyncyet.rs`
- `docs.rs`
- `rfcbot.rs`
- `rustup.rs`

While there have not been any incidents and we even got a [supportive email from RNIDS](https://social.rust-lang.org/@rust/112140223447505474), we are mildly concerned about the security of these domains for the following reasons:

- Our current registrar does not support two-factor authentication.
- Our current registrar does not support setting up an organization or team with individual accounts for team members.
- Our current registrar does not support automatic billing. Invoices have to be paid manually with a credit card.
- Credit card payments are done via a Ukrainian payment processor.
- Serbia is not part of the European Union, which might make legal conflicts more difficult and expensive to resolve.
- The Kosovo conflict is not resolved and tensions flare up occasionally. While most of the Western countries have recognized Kosovo's independence, Serbia has not. If the conflict ever escalates again, we might be faced with sanctions or restrictions regarding the domains.

While the first four concerns are purely technical and can be solved by moving to a different registrar, the last two points cannot be resolved due to their geopolitical nature. For these, we can only implement mitigation strategies.

## Initiatives

We have therefore decided to implement the following initiatives:

1. Migrate all `.rs` domains to Gandi.net
2. Set up `get.rust-lang.org` and deprecate `rustup.rs`
3. Set up `docsrs.org` as a fallback for `docs.rs`

All initiatives are described in more detail below.

### Migrate All `.rs` Domains to Gandi.net

We plan to migrate all `.rs` domains from our current registrar to Gandi.net to address our technical concerns.
Gandi.net supports two-factor authentication, individual accounts for team members, and automated billing and invoicing. The company is also headquartered in France.

Late last year, we already migrated `areweasyncyet.rs` to Gandi.net to test the migration process and platform. We did not experience any issues and feel confident migrating the remaining domains as well.

### Deprecate `rustup.rs`

`rustup.rs` is a critical piece of infrastructure for the Rust Project, as it is the default path for users to download and install Rust. Given the large impact that a compromise of this domain would have, we want to deprecate its use and move the installer under the official `rust-lang.org` domain. This will increase the authority of the site and improve our security posture.

The installation instructions on the website are currently hosted under `https://www.rust-lang.org/tools/install`. We can redirect `https://rustup.rs` to this path, and set up a domain like `get.rust-lang.org` that serves the shell script that is currently served from `sh.rustup.rs`.

### Create Fallback for `docs.rs`

Another mitigation strategy that we want to put in place is serving `docs.rs` from an alternative domain. We are currently considering `docsrs.org` as the best candidate, although the specific domain is an implementation detail that can be changed.

We want to set up the alternative domain and ensure that it serves the same content as `docs.rs` so that we have it as a potential fallback if anything were to happen to `docs.rs`.

## Tasks

We can reduce the risk of migrating the domains by implementing the mitigation strategies before we migrate the actual domains. This gives us a fallback if anything goes wrong when transferring the domains to Gandi.net.

- Serve `rustup-init.sh` from an alternative domain
- Redirect `rustup.rs` to installation instructions
- Set up `docsrs.org` as an alternative domain for `docs.rs`
- Transfer `rfcbot.rs` to Gandi.net
- Transfer `rustup.rs` to Gandi.net
- Transfer `docs.rs` to Gandi.net