Re: ietf.org unaccessible for Tor users

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 15 March 2016 13:05 UTC

In-Reply-To: <m237rrsy5h.wl%randy@psg.com>
References: <m2a8m0y72q.wl%randy@psg.com> <20160315002604.15726.qmail@ary.lan> <CACRMD1Gp_3xjanC+YXLrwo9FMcDay1JQ6YPtAS1tTqk+C_AUVg@mail.gmail.com> <alpine.OSX.2.11.1603150755160.47203@ary.lan> <m237rrsy5h.wl%randy@psg.com>
Date: Tue, 15 Mar 2016 09:05:09 -0400
Message-ID: <CAMm+Lwhb7Z6mKE2=JEhLJZ5zVvpzashNW2utDK5TCVvH0qn9-w@mail.gmail.com>
Subject: Re: ietf.org unaccessible for Tor users
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Randy Bush <randy@psg.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/1SzEDBNOV5Dxqs86LSycw5-33Tw>
Cc: John R Levine <johnl@taugh.com>, IETF <ietf@ietf.org>

Perhaps what we really need is a configuration that recognizes the two
security requirements:

1) Defend ietf.org from DDoS attack
2) Provide access to Tor users.

The first requirement is at least as important as the first.

Sln1: If it is possible, perhaps the Cloudflare config could be set up
so that connections over Tor go to one particular server that is run
by the IETF directly and is not in the critical path.

Broken: You would have to have the site in the IETF server room, and
where there is a site there is a pipe, and it is really the pipe that
is DDoSed.


Sln2: Can Cloudflare adjust their CAPTCHA scheme so that it only
queries users if an attack is actually in progress?

Question: Is this what they do already? Was the CAPTCHA showing up
because of a dumb blacklist or was it showing up because the IP was on
a blacklist AND that IP was currently performing a DDoS AND that DDoS
was aimed at ietf.org?


I suspect IETF use is atypical where Tor is concerned. Most sites
probably just want to shut Tor exit nodes out.
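The attack-aware challenge policy asked about in Sln2, next to the "dumb blacklist" behaviour it is contrasted with, as an added example that is not part of the original message and not Cloudflare's actual logic; the window, threshold, addresses and traffic are all constructed for illustration.

```python
from collections import deque

# Constructed parameters; the real CDN thresholds are not on the page.
WINDOW_SECONDS = 10.0
ATTACK_THRESHOLD = 50      # requests to one host within WINDOW_SECONDS


class ChallengePolicy:
    """Decide whether to serve a CAPTCHA. With attack_aware=True a request
    is challenged only if the source is on the reputation list AND the
    targeted host is currently seeing attack-level traffic; with
    attack_aware=False any listed source is challenged (dumb blacklist)."""

    def __init__(self, blacklist, attack_aware=True):
        self.blacklist = set(blacklist)
        self.attack_aware = attack_aware
        self._hits = {}            # host -> deque of recent request timestamps

    def _record(self, host, now):
        # Sliding-window request count for this host, used as the attack signal.
        q = self._hits.setdefault(host, deque())
        q.append(now)
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        return len(q)

    def decide(self, src_ip, host, now):
        rate = self._record(host, now)
        if src_ip not in self.blacklist:
            return "allow"
        if not self.attack_aware:
            return "challenge"     # listed address is always challenged
        return "challenge" if rate >= ATTACK_THRESHOLD else "allow"


def run(events, policy):
    """events: iterable of (timestamp, src_ip, host); returns one decision each."""
    return [policy.decide(ip, host, ts) for ts, ip, host in events]


# Constructed sample traffic (RFC 5737 documentation addresses): a listed
# exit-node address browsing quietly, then a flood against ietf.org from
# other addresses, then the listed address returning during the flood.
EXIT_NODE = "198.51.100.7"
QUIET = [(t, EXIT_NODE, "ietf.org") for t in range(0, 5)]
FLOOD = [(100 + i * 0.01, f"203.0.113.{i % 250}", "ietf.org") for i in range(60)]
AFTER = [(101.0, EXIT_NODE, "ietf.org"), (101.0, EXIT_NODE, "other.example")]
EVENTS = QUIET + FLOOD + AFTER


def smart_decisions():
    return run(EVENTS, ChallengePolicy([EXIT_NODE], attack_aware=True))


def dumb_decisions():
    return run(EVENTS, ChallengePolicy([EXIT_NODE], attack_aware=False))
```

The attack-aware policy lets the listed address through while ietf.org is quiet and challenges it only once the host is under load, and never challenges it on a host that is not being flooded; the dumb policy challenges it every time.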