Re: ietf.org unaccessible for Tor users

Alec Muffett <alecm@fb.com> Tue, 15 March 2016 10:52 UTC

Return-Path: <prvs=2882ba8273=alecm@fb.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C407A12D535 for <ietf@ietfa.amsl.com>; Tue, 15 Mar 2016 03:52:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=fb.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FqacsJ8mUvS0 for <ietf@ietfa.amsl.com>; Tue, 15 Mar 2016 03:52:19 -0700 (PDT)
Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63BF112D533 for <ietf@ietf.org>; Tue, 15 Mar 2016 03:52:19 -0700 (PDT)
Received: from pps.filterd (m0044010.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.0.11/8.16.0.11) with SMTP id u2FAphOF010294; Tue, 15 Mar 2016 03:52:15 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=facebook; bh=Px72IISuGygGoAqnvJgrc/gOP5Vh2FMv5Lt6PnVpzv4=; b=cjupl6+d3r1W4Li/itlURU9utPHvwVCPjOj+NqEgBifjbFJuM3tPc3Ol8nS+zbbGjN7L Br+Q3UPW/4BheHfweFWY2FB8jPoJFkOK2giGAruwrNiPUDTivrjfXtEMPemE4c3LmQlJ 4/i89BKWfmE+u4LoJnh5gGhUQ7gMOOl4DOA=
Received: from mail.thefacebook.com ([199.201.64.23]) by mx0a-00082601.pphosted.com with ESMTP id 21pbk4174g-1 (version=TLSv1 cipher=AES128-SHA bits=128 verify=NOT); Tue, 15 Mar 2016 03:52:15 -0700
Received: from PRN-MBX02-4.TheFacebook.com ([169.254.2.215]) by PRN-CHUB06.TheFacebook.com ([fe80::f073:2a60:c133:4d69%12]) with mapi id 14.03.0248.002; Tue, 15 Mar 2016 03:52:14 -0700
From: Alec Muffett <alecm@fb.com>
To: Eliot Lear <lear@cisco.com>, IETF Disgust List <ietf@ietf.org>
Subject: Re: ietf.org unaccessible for Tor users
Thread-Topic: ietf.org unaccessible for Tor users
Thread-Index: AQHRfgLB+RUL/0piL0GFmq6KqbJrIZ9aCzuAgACVPICAAB/kgIAACnWA
Date: Tue, 15 Mar 2016 10:52:12 +0000
Message-ID: <CAF84FB2-A370-4093-A4D0-59E078E6D299@fb.com>
References: <20160313143521.GC26841@Hirasawa> <m2a8m0y72q.wl%randy@psg.com> <F04B3B85-6B14-43BA-9A21-FC0A31E79065@piuha.net> <56E7E09D.7040100@cisco.com>
In-Reply-To: <56E7E09D.7040100@cisco.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.54.13]
Content-Type: multipart/alternative; boundary="_000_CAF84FB2A3704093A4D059E078E6D299fbcom_"
MIME-Version: 1.0
X-Proofpoint-Spam-Reason: safe
X-FB-Internal: Safe
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2016-03-15_04:, , signatures=0
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/8UA-heglr-leMqRW68FTPmN_lZQ>
Cc: Yui Hirasawa <yui@cock.li>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2016 10:52:21 -0000

I'm going to express my personal views here, though I believe they're both cogent and sane:

On Mar 15, 2016, at 10:14 AM, Eliot Lear <lear@cisco.com> wrote:
> On 3/15/16 9:20 AM, Jari Arkko wrote:
>> I don't have a solution, but I wanted to say that I feel the pain.
>>
>> It is important that IETF documents are accessible via Tor.
>
> I'll bite: why is it important that IETF documents be accessible via Tor?

Because Tor is another browser - actually several browsers, especially with Orbot meaning that a **lot** of Android users transparently sit behind it - and Tor is being used by a huge number of people.

I have three distinct lines of thought regarding this:

= Accessibility =

We have long since left behind the world of "This Website is Best Viewed Using [browser] in 1024x768 Screensize!" - because accessibility is important.

We don't pick-and-choose what browsers people use to access websites any more, we embrace communication and leave them to render content in their preferred way, from Tor through Chrome to screen-readers.

= Threat Models =

Is it really in your best interests to block people from your website?

If you're mostly a read-only site - and the IETF site appears to be one such - then I would be amazed if a DDoS attack would come via Tor when it would be so much more effective and easier to set up coming from some random Botnet.

Simple economics suggests that the best way to knock the IETF website offline is to use a Botnet - so if (and perhaps I am wrong) the IETF wants to defend itself against DDoS, to block Tor is to defend yourself against the wrong tuple of (threat, actor) - if Tor is a threat to the IETF website at all.

If IETF was worried about having its content scraped-and-duplicated, yes I could totally see Tor as a risk to the IETF website; but I am not aware of that being part of the IETF threat model, else you'd require logged-in access already.

= Addresses Are Not People =

IP Reputation Systems are (at best) a hint, not a panacea, and we should remember that.

Elsewhere - to politicians, to activists - I've had to repeatedly explain that "1 IP Address != 1 Human Being", that you can't simply arrest the person who pays the ISP because their IP address apparently downloaded a movie; yet sometimes we are weirdly blind to the inverse, we seem happy to draw red lines* around chunks of internet space and call them "bad places", where only "unpeople" live.

It's not really logical to hold both perspectives firmly and simultaneously - sometimes an IP address is just one person.  And - conversely - behind those red lines drawn on the network map are an enormous number of normal, good people.  Probably more good people than bad.

So why make communication and participation harder for them?

    -a

* https://en.wikipedia.org/wiki/Redlining