One Internet or something?

> Eliot Lear <mailto:lear@xxxxxxxxx>
> 15 March 2016 at 10:14
>
> I'll bite: why is it important that IETF documents be accessible via Tor?
>
> Eliot
>
>
> Jari Arkko <mailto:jari.arkko@xxxxxxxxx>
> 15 March 2016 at 08:20
> I don’t have a solution, but I wanted to say that I feel the pain.
>
> It is important that IETF documents are accessible via Tor. It is
> important that whatever CAPTCHAs are being employed, they are
> accessible to everyone. It is important that we at the IETF are able
> to deal with DoS attacks.
>
> I’m not ready to believe that the above requirements are fundamentally
> in conflict.
>
> I have a question though and a couple of other observations.
>
> The question: Yui: I was under the (perhaps mistaken) assumption that
> ietf.org is generally accessible to everyone in the usual way, but
> that some blacklisted nodes will have to go through a CAPTCHA process
> before being able to continue. Is this so, or is there an experience
> that says nodes are blocked and there isn’t even a possibility to go
> through a CAPTCHA? Or is the problem that there is a CAPTCHA but you
> do not feel that it is done in a way that is appropriate? Does all
> this relate to http or https traffic?
>
> The observations:
>
> o I do not feel that contracted running of multiple copies of our
> servers constitutes a man-in-the-middle arrangement.
>
> o I have asked the matter to be discussed in our IT/tools/IAOC
> meetings, but I’ll note that we may not have any more magical answers
> than what is already being discussed on the list.
>
> Jari
>
> Randy Bush <mailto:randy@xxxxxxx>
> 14 March 2016 at 23:26
>
> i agree this is a problem. but i am not sure about the solution space.
> are we trading one form of security for another?
>
> what is the threat model which drives us to tls/https? authenticity of
> the data? privacy of what i access? in the scheme of things, how
> important are our data anyway and what are we trading for perceived
> protection?
>
> how much load-spreading and resilience do ietf web/wiki/archives
> actually need? if they need a cdn, and i am not so sure they do, can we
> have a cdn which supports tls without being a monkey in the middle? do
> we pay to deploy a half dozen anycasted instances of our own and
> maintain them [0]?
>
> some of this we have discussed before, maybe not as insightfully as we
> might have.
>
> randy
>
> 0 - sysadmin is similar to doing the dishes; you go to sleep with a
> clean kitchen, but there will be more dishes tomorrow.
>
> Yui Hirasawa <mailto:yui@xxxxxxx>
> 13 March 2016 at 14:35
> Hello IETF,
>
> Today when I tried to go read a standard on the ietf.org website I was
> met with a CloudFlare CAPTCHA page.
>
> By using CloudFlare IETF is actively blocking Tor connections to IETF
> page. CloudFlare also works as man-in-the-middle and all encryption to
> ietf.org is null and void which means IETF is actively helping the
> authoritarian governments weaken the encryption on the Internet.
> CloudFlare also requires proprietary javascript to be run by Tor users
> who want to access websites which makes fingerprinting them very easy.
> Because CloudFlare is a man-in-the-middle it can also inject websites
> with malicious javascript, such as fingerprinting javascript. CloudFlare
> also collects all connection data and is subject to US secret courts and
> thus using it is directly contributing to the mass surveillance of the
> Internet.
>
> Tor project has also finally started noticing this[1]. And I wrote a
> small thing[2] about it on my website recently as well.
>
> IETF using CloudFlare is a very bad thing for the security and
> neutrality of the Internet and this should be fixed immediately.
>
> If you think there is some other place where I could notify people about
> this then please send me an email.
>
> [1]: https://trac.torproject.org/projects/tor/ticket/18361
> [2]: https://GNU.moe/thoughts/cloudflare.html
>

--
Christian de Larrinaga FBCS, CITP,
-------------------------
@ FirstHand
-------------------------
+44 7989 386778
cdel@xxxxxxxxxxxxx
-------------------------