Michael StJohns wrote: > I'm still trying to wrap my head around an "I must not be caught" > protocol designer. Funny, but I thought the target of the documents was "implementers". While it is easy to look around an IETF meeting and start to believe that the documents are "by and for protocol designers", that should not be the case. It should also not be hard to believe in an "I must not be caught" implementer an app that used IPsec. John C Klensin wrote: ... > > Noting the above including the repeatedly-asked question of who needs > this and why the IETF should assume the costs and also noting that we've > discontinued mechanisms for accessing IETF materials when too few people > were using them The flip side of that is that having a Tor router implemented as suggested would provide the appropriate count of how much it gets used. (the RFC printing and (postal) mailing service being only > the most prominent > example), let me suggest something far more simple: It has > been firm IETF policy for a very long time that there are no restrictions on > mirrors of IETF files and data and redistribution of IETF mailing lists. True, but that in itself constitutes an attack vector. If someone wanted to subvert anyone that was trying to use Tor to access the IETF documents, the easiest thing to do would be to create the proposed mirror, but make subtle and incompatible changes to the documents so that any implementation based on them would fail. If the implementer had no way to reference the correct documents without exposing themselves, they would never know there was a change. > Assuming that the sum of the number of people who want or need to access > IETF materials via TOR and the number of people who feel strongly about > helping the first group(s) protect themselves is non-trivial (from the > amount of impassioned discussion on the topic, we already know that sum > is not-zero), why don't those people simply set up an appropriate mirror, > establish whatever access mechanisms that suit their needs and > requirements, and go happily on their way? I would argue that the community of implementers that believed they need Tor access would be better served by knowing the documents came from the 'source of truth' on the matter, and that any future questions about usage quantity would be easy to answer. > That would avoid both the stresses on IETF services and staff that concern > Mike (and me) but also any disclosure to IETF personnel about who was > using the service and why -- disclosure that, under the proposed privacy > policy, might become public information. While I agree that this is likely best set up, tested, and well documented by 'motivated volunteers', I don't believe that pushing the entire operation out the door is the correct response. If the privacy policy would disclose who and why this was being used, it probably needs tuning up anyway. The only thing that should be exposed about an explicitly 'anonymous access path' is the count of users. Disclosing where, why, or what, would only serve to curtail usage as a means to justify shutting it down. That said, there would likely need to be policy about who has access to the information that the Tor node knows, to avoid accidental release of information. Tony