Re: Changes regarding IETF website CDN settings and TOR networks

IETF folks may be interested in this recent Cloudflare post that outlines some potential changes to Tor -- SHA-256 hashes for hidden service certs, move proof-of-work into TorBrowser -- that could make this a bit more robust against automated malicious activity (unfortunate title IMO):

http://blog.cloudflare.com/the-trouble-with-tor/

On Monday, March 28, 2016, IETF Chair <chair@xxxxxxxx> wrote:
Based on earlier feedback on IETF discussion list, the IAOC has decided to ask the IETF network admins to make a change with regards to how our CDN serves clients coming from TOR networks.

For background, our website uses a number of techniques to help combat denial-of-service attacks.  One of these mechanisms was based on CAPTCHAs that were triggered, in particular, for some users when accessing the IETF web site for the first time and heuristically identified as coming from a TOR exit node.  Once the CAPTCHA was passed, the user was able to browse normally.  However, in the process of performing the CAPTCHA and accessing the IETF website, cookies and scripts are used, which was a concern for some users.

Information on the IETF website is meant to be public, and should be openly accessible for as broad consumption as technically and practically possible. When there are groups of people whose access to the website is for some reason problematic, we try to accommodate better access, no matter who makes such request, within the bounds of what is practical, of course, and considering the potential effects of denial-of-service attacks and other issues.

The change in our settings is to no longer perform CAPTCHAs or other extra mechanisms for clients coming from TOR networks.  Behaviour for other users should not be affected, though it is an open question whether any significant denial-of-service attacks could be launched from these networks.

Please note that our admins are monitoring the situation, and have the ability to change this configuration at any time. So if the TOR exit nodes are the source of an attack, for instance, the configuration could be adjusted again. And of course, further actions regarding how the IETF website is run are based on our experiences from current and past setups, and your feedback.

Jari Arkko, IETF Chair


--
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe@xxxxxxx, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

CDT's annual dinner, Tech Prom, is April 6, 2016! https://cdt.org/annual-dinner
