Re: Changes regarding IETF website CDN settings and TOR networks
Linus Nordberg <linus@nordberg.se> Sat, 02 April 2016 14:52 UTC
To: ietf@ietf.org
From: Linus Nordberg <linus@nordberg.se>
Subject: Re: Changes regarding IETF website CDN settings and TOR networks
Date: Sat, 02 Apr 2016 16:52:27 +0200

Those of you who read the CloudFlare post might also be interested in
Tor Project's recent post questioning the 94% figure:
https://blog.torproject.org/blog/trouble-cloudflare

Joseph Lorenzo Hall <joe@cdt.org> wrote
Thu, 31 Mar 2016 22:32:57 -0700:

| IETF folks may be interested in this recent cloudflare post that outlines
| some potential changes to Tor -- SHA-256 hashes for hidden service certs,
| move proof-of-work into TorBrowser -- that could make this a bit more
| robust against automated malicious activity (unfortunate title IMO):
|
| http://blog.cloudflare.com/the-trouble-with-tor/
|
| On Monday, March 28, 2016, IETF Chair <chair@ietf.org> wrote:
|
| > Based on earlier feedback on IETF discussion list, the IAOC has decided to
| > ask the IETF network admins to make a change with regards to how our CDN
| > serves clients coming from TOR networks.
| >
| > For background, our website uses a number of techniques to help combat
| > denial-of-service attacks. One of these mechanisms was based on CAPTCHAs
| > that were triggered, in particular, for some users when accessing the IETF
| > web site for the first time and heuristically identified as coming from a
| > TOR exit node. Once the CAPTCHA is passed, the user was able to browse
| > normally. However, in the process of performing the CAPTCHA and accessing
| > the IETF website, cookies and scripts are used, which was a concern for
| > some users.
| >
| > Information on the IETF website is meant to be public, and should be
| > openly accessible for as broad consumption as technically and practically
| > possible. When there are groups of people whose access to the website is
| > for some reason problematic, we try to accommodate better access, no matter
| > who makes such request, within the bounds of what is practical, of course,
| > and considering the potential effects of denial-of-service attacks and
| > other issues.
| >
| > The change in our settings is to no longer perform CAPTCHAs or other extra
| > mechanisms for clients coming from TOR networks. Behaviour for other users
| > should not be affected, though it is an open question whether any
| > significant denial-of-service attacks could be launched from these networks.
| >
| > Please note that our admins are monitoring the situation, and have the
| > ability to change this configuration at any time. So if the TOR exit nodes
| > are the source of an attack, for instance, the configuration could be
| > adjusted again. And of course, further actions regarding how the IETF
| > website is run are based on our experiences from current and past setups,
| > and your feedback.
| >
| > Jari Arkko, IETF Chair
| >
|
|
| --
| Joseph Lorenzo Hall
| Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
| e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
| Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
|
| CDT's annual dinner, Tech Prom, is April 6, 2016!
| https://cdt.org/annual-dinner