Re: unaccessible for Tor users

Rich Kulawiec <> Tue, 15 March 2016 18:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6208312D622 for <>; Tue, 15 Mar 2016 11:10:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id RvbnIlEHYyxc for <>; Tue, 15 Mar 2016 11:10:28 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 70C5C12D59F for <>; Tue, 15 Mar 2016 11:10:28 -0700 (PDT)
Received: from (localhost []) by (8.15.1/8.14.9) with SMTP id u2FIAQaB025156 for <>; Tue, 15 Mar 2016 14:10:27 -0400 (EDT)
Date: Tue, 15 Mar 2016 14:10:26 -0400
From: Rich Kulawiec <>
Subject: Re: unaccessible for Tor users
Message-ID: <>
References: <20160313143521.GC26841@Hirasawa> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
Archived-At: <>
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Mar 2016 18:10:30 -0000

On Tue, Mar 15, 2016 at 08:20:45AM +0000, Jari Arkko wrote:
> The question: Yui: I was under the (perhaps mistaken) assumption that
> is generally accessible to everyone in the usual way, but that
> some blacklisted nodes will have to go through a CAPTCHA process before
> being able to continue. Is this so, or is there an experience that says
> nodes are blocked and there isn?t even a possibility to go through a
> CAPTCHA? Or is the problem that there is a CAPTCHA but you do not feel
> that it is done in a way that is appropriate? Does all this relate to
> http or https traffic?

1. Not everyone uses a web browser (with a GUI) to access every website.
Some people use text-only browsers like lynx or w3m, because they have
small resource requirements, small(er) attack surfaces, they conserve
bandwidth, and especially for sites like the IETF's, they (should) suffice

2. Not everyone uses a web browser to access every website.  Some folks
use wget or curl or similar tools, either to grab individual documents
of interest or perhaps to create local caches/mirrors.  For people
on low-bandwidth connections (or with time-limited access to high-bandwidth
connections) this is an effective way to build and retain a local stash
of items-of-interest.

Neither of these work well with captchas, Javascript, etc.

There should be *no* requirement to enable Javascript or deal with
captchas (which, and see my other message upthread about this, are a
laughably poor "defense" mechanism) or provide tracking data to third
parties, when all someone wants to do is snag a copy of an RFC or read
an email thread or otherwise avail themselves of most (if not all) IETF