Re: ietf.org unaccessible for Tor users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 3/16/2016 8:55 AM, Jari Arkko wrote:
I also wanted to address the question of “outside services”.

There are obviously various different technical arrangements. From one box to multiple boxes to clouds, load balancers, front-ends, own and shared networks, etc.

But I want to be clear that the IETF services do not run by themselves. There are real people and real costs involved in running the services. Arrangements differ, some services are run by volunteers (thank you!) and some under commercial arrangements that we explicitly contract and pay for. AMS, some data centre facilities, Cloudfare, and software developer companies, for instance. We have the ability to decide what we want, though obviously within some constraints of what is reasonably available and/or at what cost.

I think it is useful to discuss whether our technical arrangements should evolve somehow. But I don’t think we can get away from the fact that we’ll be using commercial services of one or other kind. I wouldn’t draw the line between inside and outside at the CDNs, for instance.

Jari


To expand on this slightly. There's a cost for pretty much everything we do/the IETF does/the IETF staff does/that needs to be done. Someone has to foot the bill. In looking at the Tor question I would ask: Can we make a reasonable accommodation for TOR at a minimal cost (in money, time, management) (i.e. what exactly will this do to the bottom line and the security of the system?) ? If the costs are substantial/not trivial, WOULD the TOR users be willing to spend their own money to subsidize the access? If not, SHOULD the IETF subsidize the access?

I may be misreading the thread, but it appears to be not so much that you can't access the IETF information through TOR because of the Captcha (caused by the TOR sites being on a blacklist/not being on a white list), but because those with the TOR browser don't want to allow the use of Javascript. E.g. its not primarily a technical issue (which I would say that would get almost universal support to fix) exactly - but one of choice or philosophy with technical ramifications.

And lest anyone think I'm skimming over the whole reason for using Tor: One reductio ad absurdum thing to do (extreme pain) would be to require Captcha for *all* accesses to the IETF web pages - e.g. ignore the evaluation of perceived threat from the querying site and make all of us share in the pain. The other one would be to remove Captcha for all. I don't think either of these passes the smell test.

Later, Mike

ps - if there's a cost, and the IETF is expected to pay it, I'd much rather we/they spend the money on additional or improved assistive technologies to enable broader access to IETF content along these lines: http://www.internetsociety.org/doc/internet-accessibility-internet-use-persons-disabilities-moving-forward




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]