Re: ietf.org unaccessible for Tor users

[Leif Johansson <leifj@mnt.se>]

On 2016-03-17 02:20, Michael StJohns wrote:
> On 3/16/2016 6:33 PM, Tony Hain wrote:
>> Michael StJohns wrote:
>>> >I'm still trying to wrap my head around an "I must not be caught"
>>> >protocol designer.
>> Funny, but I thought the target of the documents was "implementers".
>> While
>> it is easy to look around an IETF meeting and start to believe that the
>> documents are "by and for protocol designers", that should not be the
>> case.
>> It should also not be hard to believe in an "I must not be caught"
>> implementer an app that used IPsec.
> 
> 
> There are  "participators" (or protocol designers) who would be expected
> to go back time and again to the IETF website to grab new stuff
> (internet drafts etc), and possibly contribute, and there "implementers"
> who are usually coming after the fact and grabbing the final document
> for implementation.  It's generally not cost effective - unless you're
> very involved in the design process - to implement the internet draft
> flavor of the week.  I think of the IETF website primarily serving the
> first group with access to the second group kind of a happy accident. 
> (I'm not quite as flip about it as that, but keep in mind the target
> audience of the ID's and all of the cruft that goes with moving them
> through the standards process vs the target audience of RFC's).
> 
> So my point was more about there being lots of sources for finished
> documents (RFCs) that aren't the IETF (google Request for comments
> mirror) where someone with a Tor browser can just grab those without the
> IETF doing anything.   There are also plenty of ways for others to make
> mirrors of IETF content that don't involve intercession by the IETF
> staff (you've mentioned setting up a TOR public hidden service - I'd
> suggest that its better to have a Tor'ite do it that the IETF) - and
> many have done so.
> 
> WRT to your example - its really "implementer that built an app that
> used IPSec for something that broke some law somewhere".  It's not
> generally the IPSec per se that's a violation (or for that matter any of
> the IETF protocols), but what they get used for.  And even then, he's
> more likely to be grabbing one of the open source packages that
> implement the IETFs protocols than implementing something himself.
> 
> I mostly get where you're coming from - but I'm finding it hard to
> believe that the size of the intersection of "Tor users", "safety via
> anonymity required users" and "IETF participants" is very large - if it
> contains any elements at all.
> 
> What I've asked for is for data on the size of the problems - and what
> I've been told is that no data is to be had.  I'm OK with that, but that
> turns statements about why things are needed from objectively
> evaluatable proposals into subjective positions where either side might
> have all or part of the truth.   Or put another way, turns good factual
> arguments which I can evaluate into simple opinions which each of us
> will take with a different grain of salt.
> 
> 
> 
> 
> 
> 


I have an idea: instead of a CAPTCHA, can't we get CF to implement
"proove that you are an IETFer" test that requires you to dive into
an inane thread on the IETF list and identify the precise point where
it jumped the shark.