Re: IETF web site behind CloudFlare

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Linus,

The change to Cloudfare has been mentioned, for instance in the plenary. The decision was taken by IAOC, with input from the tools committee, based on our perception of the need to have a globally efficient access to IETF web content, with ability to scale as needed, and with the kind of support that we need. And obviously without having to build too much of it ourselves.  Note that the current setup involves static web content and not the data tracker.

See page 18 in for some measurements regarding the effects http://www.ietf.org/proceedings/90/slides/slides-90-iesg-opsplenary-7.pdf and I think at least I personally have found the impact significant.

I was not personally aware of the captcha operation nor have I ever seen it while accessing the IETF web site from various places. But we can ask Ray to investigate if there are different, more suitable settings. However, I’d note that being able to deal with some dos attacks is actually a useful feature, and it is not unthinkable for the IETF to be a target. So any defence tactic inconvenience should be weighted against the risks and benefits.

Paul:

> We
> have contributors in countries where using tor to access IETF might
> actually be a requirement.


That is interesting. Do you have details? Where?

Shumon:

> I believe Jari Arrko mentioned at the last IETF that Cloudflare is working on deploying DNSSEC. It would be good to know if they have a specific or estimated timeline for that.

TLS, DNSSEC, IPv6, etc are very important to us. TLS and IPv6 obviously has been there, and partially based on IETF request they are working on DNSSEC. Stay tuned - the date that I heard earlier this year is approaching, but we can again ask Ray to check the current situation.

Rhys and Brian:

> A bug in CloudFlare’s stuff?

> The only issue I've noticed since the site was CloudFlared (well before
> IETF 90) is that sometimes the mirror in Sydney, AU is out of date
> when files are updated. For example if you upload a new version of
> something to the meeting materials manager, the old version is served
> from Sydney for some length of time (less than one hour, I believe).

If we find a problem either with the IETF or Cloudfare setup - and test it to be a real problem - please communicate with Ray to get it reported.

Jari

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]