Re: ietf.org unaccessible for Tor users
Michael StJohns <mstjohns@comcast.net> Thu, 17 March 2016 01:40 UTC
Return-Path: <mstjohns@comcast.net>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F11F112D7FE for <ietf@ietfa.amsl.com>; Wed, 16 Mar 2016 18:40:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K2ECkK4VrAVg for <ietf@ietfa.amsl.com>; Wed, 16 Mar 2016 18:40:53 -0700 (PDT)
Received: from resqmta-po-07v.sys.comcast.net (resqmta-po-07v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:166]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 62C2512D7AE for <ietf@ietf.org>; Wed, 16 Mar 2016 18:40:53 -0700 (PDT)
Received: from resomta-po-06v.sys.comcast.net ([96.114.154.230]) by resqmta-po-07v.sys.comcast.net with comcast id WpgL1s0024yXVJQ01pgtlz; Thu, 17 Mar 2016 01:40:53 +0000
Received: from [192.168.1.113] ([69.255.115.150]) by resomta-po-06v.sys.comcast.net with comcast id Wpgr1s0093Em2Kp01pgrJT; Thu, 17 Mar 2016 01:40:52 +0000
Subject: Re: ietf.org unaccessible for Tor users
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Adam Roach <adam@nostrum.com>, ietf@ietf.org
References: <20160313143521.GC26841@Hirasawa> <m2a8m0y72q.wl%randy@psg.com> <F04B3B85-6B14-43BA-9A21-FC0A31E79065@piuha.net> <56E7E09D.7040100@cisco.com> <4349AFDD-350C-4217-9BEE-3DBD2F608F95@nohats.ca> <27177.1458050662@obiwan.sandelman.ca> <m2k2l3qud5.wl%randy@psg.com> <56E90304.3050407@cisco.com> <m2bn6eq59r.wl%randy@psg.com> <56E904A7.80200@cisco.com> <m2a8lyq4ud.wl%randy@psg.com> <56E90BF9.4090306@cisco.com> <56E9AC23.8060109@nostrum.com> <56E9B436.2090203@cisco.com> <56E9B543.9080000@nostrum.com> <56E9B5FF.1080301@cisco.com> <56E9B836.9080601@nostrum.com> <56E9C0CA.7040006@comcast.net> <56E9C258.7000108@nostrum.com> <56E9C6DE.6010807@comcast.net> <56E9D4EB.6030601@cs.tcd.ie>
From: Michael StJohns <mstjohns@comcast.net>
Message-ID: <56EA0B4C.3060606@comcast.net>
Date: Wed, 16 Mar 2016 21:41:32 -0400
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56E9D4EB.6030601@cs.tcd.ie>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1458178853; bh=NBPL/jK90+UCExixP9BWuztkiU0JAtmS5CQE+xqh9Lc=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=UfbxLY3fCm50Sv+81V3oHWunV2yE+e2fuSZT5MX9GHW+Daybyt8QTYQGtrON3I3r+ qW/2zzJOyWZyQ57DlAF7EcQQsTFJHssyhZOLmKahF2qguxkHhQxwnyRLIQ2JieawGR 6Cr8MgWtJkb3LXAhPXibCQmV8gTjYS686sybLHlBzdeXeXWmwSZqX4pytwaj/Ey0Pt +kj0JkQQC+IQaio2Ky4TFePbnwMUa7pkNg357EWGsCPRN8rRDHUOliEzkzpbyIa3Nu VppQs9njeOcUXexUjDCXChIJqx0xQp56sXvi/VkDzJeeWe9PzazHJbzD4fQAU6cJya 1cPFu8O74uhew==
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/T8P5U2wn_0eY8DhqXoMi-iUlRFc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2016 01:40:55 -0000
On 3/16/2016 5:49 PM, Stephen Farrell wrote: > Mike, > > On 16/03/16 20:49, Michael StJohns wrote: >> Fair enough - so you're asking me to take it on faith that there is a >> real problem and that it effects sufficient numbers of folks that the >> IETF should spend *its* money and effort to fix? > Did you miss the mail upthread where it was pointed out that > removing the restriction is a simple checkbox which I assume > costs no more money than we're giving CF already? I didn't miss that. Did you miss that turning it off may allow malicious traffic? That malicious traffic may have a cost? Or that this isn't targeted specifically against TOR, but against any site with a sufficiently bad reputation? Or that many TOR sites have a bad reputation? My guess is that you didn't miss any of this, but I repeated it just in case. That said, I think your next paragraph is a reasonable way forward. But that I do think there will be a cost to turn it off because someone will have to monitor and evaluate (and possibly remediate) if there is a problem. To be clear, are you arguing for turning off Captcha in in circumstances? Or just giving TOR a pass? Can we leave it on for anything that requires an IETF login? > > If we allow Tor access and that turns out to be a source of > problems, then I do think we ought re-evaluate, but I don't > think there's any cost here to the IETF to turn off the > restriction. > > And to clarify another thing: this is not only about the captcha, > in testing today using TBB sometimes one gets access, sometimes > one gets a captcha and sometimes access is denied with no captca. > It seems to depend on the exit node IP. As I understand it, CF scores IP addresses based on reported "badness". If you're on TOR and you pick (or have picked for you) an exit router that's got a high badness score, then you get a Captcha at the IETF (and other CF sites). My understanding is that if you come from non Tor sites with high badness scores you will also get a Captcha. The specific problem( for us)/benefit(for the TOR users) is that you can't differentiate from the good TOR connections (if any) vs the bad TOR connections coming from the same tor exit router. Captcha is there to try and establish there is some sort of human behind the connection and to provide some protection against automated attacks. What's interesting about your comment is that there is enough differentiation in TOR output that different nodes score differently at CF. It suggests to me that TOR may not be cleaning up it's fingerprints as well as it would like. Later, Mike > > Cheers, > S. >
- ietf.org unaccessible for Tor users Yui Hirasawa
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users John Levine
- Re: ietf.org unaccessible for Tor users Andrew Sullivan
- RE: ietf.org unaccessible for Tor users Michel Py
- Re: ietf.org unaccessible for Tor users Narelle
- Re: ietf.org unaccessible for Tor users Yoav Nir
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users Leif Johansson
- Re: ietf.org unaccessible for Tor users Jari Arkko
- Re: ietf.org unaccessible for Tor users Jari Arkko
- Re: ietf.org unaccessible for Tor users Paul Wouters
- Re: ietf.org unaccessible for Tor users Leif Johansson
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Christian de Larrinaga
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Alec Muffett
- Re: ietf.org unaccessible for Tor users Stephen Farrell
- Re: ietf.org unaccessible for Tor users Rich Kulawiec
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Jari Arkko
- Re: ietf.org unaccessible for Tor users Christian de Larrinaga
- Re: ietf.org unaccessible for Tor users Stephen Farrell
- Re: ietf.org unaccessible for Tor users Leif Johansson
- RE: ietf.org unaccessible for Tor users Ted Lemon
- Re: ietf.org unaccessible for Tor users Alec Muffett
- Re: ietf.org unaccessible for Tor users John R Levine
- Re: ietf.org unaccessible for Tor users Christian de Larrinaga
- Re: ietf.org unaccessible for Tor users John Kristoff
- Re: ietf.org unaccessible for Tor users Antonio Prado
- Re: ietf.org unaccessible for Tor users John R Levine
- Re: ietf.org unaccessible for Tor users Rich Kulawiec
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Phillip Hallam-Baker
- Re: ietf.org unaccessible for Tor users Alec Muffett
- Re: ietf.org unaccessible for Tor users Leif Johansson
- Re: ietf.org unaccessible for Tor users Alec Muffett
- Re: ietf.org unaccessible for Tor users Michael Richardson
- Re: ietf.org unaccessible for Tor users Michael Richardson
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users Stephen Farrell
- Re: ietf.org unaccessible for Tor users Tim Chown
- Re: ietf.org unaccessible for Tor users John Levine
- RE: ietf.org unaccessible for Tor users Michel Py
- Re: ietf.org unaccessible for Tor users Leif Johansson
- RE: ietf.org unaccessible for Tor users Michel Py
- Re: ietf.org unaccessible for Tor users Alec Muffett
- Re: ietf.org unaccessible for Tor users Rich Kulawiec
- Re: ietf.org unaccessible for Tor users John R Levine
- Re: ietf.org unaccessible for Tor users Theodore V Faber
- Re: ietf.org unaccessible for Tor users John Kristoff
- Re: ietf.org unaccessible for Tor users John R Levine
- Re: ietf.org unaccessible for Tor users Leif Johansson
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users lloyd.wood
- Re: ietf.org unaccessible for Tor users Leif Johansson
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users lloyd.wood
- Re: ietf.org unaccessible for Tor users Warren Kumari
- Re: ietf.org unaccessible for Tor users Dave Cridland
- Re: ietf.org unaccessible for Tor users Leif Johansson
- Re: ietf.org unaccessible for Tor users Rich Kulawiec
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users Paul Wouters
- Re: ietf.org unaccessible for Tor users Jari Arkko
- Re: ietf.org unaccessible for Tor users Jari Arkko
- Re: ietf.org unaccessible for Tor users Rich Kulawiec
- Re: ietf.org unaccessible for Tor users Adam Roach
- Re: ietf.org unaccessible for Tor users Michael StJohns
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Adam Roach
- Re: ietf.org unaccessible for Tor users Eliot Lear
- Re: ietf.org unaccessible for Tor users Adam Roach
- Re: ietf.org unaccessible for Tor users Linus Nordberg
- Re: ietf.org unaccessible for Tor users Michael StJohns
- Re: ietf.org unaccessible for Tor users Adam Roach
- RE: ietf.org unaccessible for Tor users Tony Hain
- Re: ietf.org unaccessible for Tor users Rich Kulawiec
- Re: ietf.org unaccessible for Tor users Michael StJohns
- RE: ietf.org unaccessible for Tor users Michel Py
- RE: ietf.org unaccessible for Tor users Michel Py
- RE: ietf.org unaccessible for Tor users John C Klensin
- Re: ietf.org unaccessible for Tor users Adam Roach
- Re: ietf.org unaccessible for Tor users Stephen Farrell
- RE: ietf.org unaccessible for Tor users Tony Hain
- Re: ietf.org unaccessible for Tor users Michael StJohns
- Re: ietf.org unaccessible for Tor users Michael StJohns
- Re: ietf.org unaccessible for Tor users Randy Bush
- Re: ietf.org unaccessible for Tor users Warren Kumari
- Re: ietf.org unaccessible for Tor users Leif Johansson
- Re: ietf.org unaccessible for Tor users Leif Johansson
- Re: ietf.org end-to-end principle Stefan Winter
- Re: ietf.org end-to-end principle Stefan Winter
- RE: ietf.org end-to-end principle Varma, Eve (Nokia - US)
- Re: ietf.org end-to-end principle DIEGO LOPEZ GARCIA
- Re: ietf.org end-to-end principle Stephen Farrell
- Re: ietf.org end-to-end principle DIEGO LOPEZ GARCIA
- Re: ietf.org unaccessible for Tor users Linus Nordberg
- Re: ietf.org end-to-end principle Jari Arkko
- Re: ietf.org end-to-end principle Phillip Hallam-Baker
- Re: ietf.org end-to-end principle Stefan Winter
- RE: ietf.org end-to-end principle Josh Howlett
- RE: ietf.org end-to-end principle Josh Howlett
- Re: ietf.org end-to-end principle Melinda Shore
- Re: ietf.org end-to-end principle joel jaeggli
- Re: ietf.org end-to-end principle Eliot Lear
- Re: ietf.org end-to-end principle lloyd.wood
- Re: ietf.org end-to-end principle Leif Johansson
- RE: ietf.org end-to-end principle Josh Howlett
- Re: ietf.org end-to-end principle joel jaeggli
- Re: ietf.org end-to-end principle Dave Crocker
- Re: ietf.org end-to-end principle Jari Arkko
- Re: ietf.org end-to-end principle DIEGO LOPEZ GARCIA
- RE: ietf.org end-to-end principle Hui Deng
- Re: ietf.org end-to-end principle Joe Touch