I don’t have a solution, but I wanted to say that I feel the pain. It is important that IETF documents are accessible via Tor. It is important that whatever CAPTCHA's are being employed, they are accessible to everyone. It is important that we at the IETF are able to deal with DoS attacks. I’m not ready to believe that the above requirements are fundamentally in conflict. I have a question thought and couple of other observations. The question: Yui: I was under the (perhaps mistaken) assumption that ietf.org is generally accessible to everyone in the usual way, but that some blacklisted nodes will have to go through a CAPTCHA process before being able to continue. Is this so, or is there an experience that says nodes are blocked and there isn’t even a possibility to go through a CAPTCHA? Or is the problem that there is a CAPTCHA but you do not feel that it is done in a way that is appropriate? Does all this relate to http or https traffic? The observations: o I do not feel that contracted running of multiple copies of our servers constitutes a man-in-the-middle arrangement. o I have asked the matter to be discussed in our IT/tools/IAOC meetings, but I’ll note that we may not have any more magical answers than what is already being discussed on the list. Jari
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail