On 3/16/2016 8:55 AM, Jari Arkko wrote:
I also wanted to address the question of “outside services”.
There are obviously various different technical arrangements. From one box to multiple boxes to clouds, load balancers, front-ends, own and shared networks, etc.
But I want to be clear that the IETF services do not run by themselves. There are real people and real costs involved in running the services. Arrangements differ, some services are run by volunteers (thank you!) and some under commercial arrangements that we explicitly contract and pay for. AMS, some data centre facilities, Cloudfare, and software developer companies, for instance. We have the ability to decide what we want, though obviously within some constraints of what is reasonably available and/or at what cost.
I think it is useful to discuss whether our technical arrangements should evolve somehow. But I don’t think we can get away from the fact that we’ll be using commercial services of one or other kind. I wouldn’t draw the line between inside and outside at the CDNs, for instance.
Jari
To expand on this slightly. There's a cost for pretty much everything
we do/the IETF does/the IETF staff does/that needs to be done. Someone
has to foot the bill. In looking at the Tor question I would ask: Can
we make a reasonable accommodation for TOR at a minimal cost (in money,
time, management) (i.e. what exactly will this do to the bottom line and
the security of the system?) ? If the costs are substantial/not
trivial, WOULD the TOR users be willing to spend their own money to
subsidize the access? If not, SHOULD the IETF subsidize the access?
I may be misreading the thread, but it appears to be not so much that
you can't access the IETF information through TOR because of the Captcha
(caused by the TOR sites being on a blacklist/not being on a white
list), but because those with the TOR browser don't want to allow the
use of Javascript. E.g. its not primarily a technical issue (which I
would say that would get almost universal support to fix) exactly - but
one of choice or philosophy with technical ramifications.
And lest anyone think I'm skimming over the whole reason for using Tor:
One reductio ad absurdum thing to do (extreme pain) would be to
require Captcha for *all* accesses to the IETF web pages - e.g. ignore
the evaluation of perceived threat from the querying site and make all
of us share in the pain. The other one would be to remove Captcha for
all. I don't think either of these passes the smell test.
Later, Mike
ps - if there's a cost, and the IETF is expected to pay it, I'd much
rather we/they spend the money on additional or improved assistive
technologies to enable broader access to IETF content along these lines:
http://www.internetsociety.org/doc/internet-accessibility-internet-use-persons-disabilities-moving-forward