Jari Arkko <jari.arkko@xxxxxxxxx> wrote:
> It is important that IETF documents are accessible via Tor. It is
> important that whatever CAPTCHA's are being employed, they are
> accessible to everyone. It is important that we at the IETF are able to
> deal with DoS attacks.
These systems do not need to be the same system, do they?
I think we are talking about www.ietf.org, and not datatracker.
I think that most of www.ietf.org is static; that it could be rsync'ed, and
we could have instances (with different names) that aren't behind cloudflare
(but, which would be far more DDoS'able).
> The question: Yui: I was under the (perhaps mistaken) assumption that
> ietf.org is generally accessible to everyone in the usual way, but that
> some blacklisted nodes will have to go through a CAPTCHA process before
> being able to continue. Is this so, or is there an experience that says
> nodes are blocked and there isn’t even a possibility to go through a
> CAPTCHA? Or is the problem that there is a CAPTCHA but you do not feel
> that it is done in a way that is appropriate? Does all this relate to
> http or https traffic?
> The observations:
> o I do not feel that contracted running of multiple copies of our
> servers constitutes a man-in-the-middle arrangement.
> o I have asked the matter to be discussed in our IT/tools/IAOC
> meetings, but I’ll note that we may not have any more magical answers
> than what is already being discussed on the list.
--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-
Attachment:
signature.asc
Description: PGP signature