Re: Changes regarding IETF website CDN settings and TOR networks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Those of you who read the CloudFlare post might also be interested in
Tor Project's recent post questioning the 94% figure:
https://blog.torproject.org/blog/trouble-cloudflare

Joseph Lorenzo Hall <joe@xxxxxxx> wrote
Thu, 31 Mar 2016 22:32:57 -0700:

| IETF folks may be interested in this recent cloudflare post that outlines
| some potential changes to Tor -- SHA-256 hashes for hidden service certs,
| move proof-of-work into TorBrowser -- that could make this a bit more
| robust against automated malicious activity (unfortunate title IMO):
| 
| http://blog.cloudflare.com/the-trouble-with-tor/
| 
| On Monday, March 28, 2016, IETF Chair <chair@xxxxxxxx> wrote:
| 
| > Based on earlier feedback on IETF discussion list, the IAOC has decided to
| > ask the IETF network admins to make a change with regards to how our CDN
| > serves clients coming from TOR networks.
| >
| > For background, our website uses a number of techniques to help combat
| > denial-of-service attacks.  One of these mechanisms was based on CAPTCHAs
| > that were triggered, in particular, for some users when accessing the IETF
| > web site for the first time and heuristically identified as coming from a
| > TOR exit node.  Once the CAPTCHA is passed, the user was able to browse
| > normally.  However, in the process of performing the CAPTCHA and accessing
| > the IETF website, cookies and scripts are used, which was a concern for
| > some users.
| >
| > Information on the IETF website is meant to be public, and should be
| > openly accessible for as broad consumption as technically and practically
| > possible. When there are groups of people whose access to the website is
| > for some reason problematic, we try to accommodate better access, no matter
| > who makes such request, within the bounds of what is practical, of course,
| > and considering the potential effects of denial-of-service attacks and
| > other issues.
| >
| > The change in our settings is to no longer perform CAPTCHAs or other extra
| > mechanisms for clients coming from TOR networks.  Behaviour for other users
| > should not be affected, though it is an open question whether any
| > significant denial-of-service attacks could be launched from these networks.
| >
| > Please note that the our admins are monitoring the situation, and have the
| > ability to change this configuration at any time. So if the TOR exit nodes
| > are the source of an attack, for instance, the configuration could be
| > adjusted again. And of course, further actions regarding how the IETF
| > website is run are based on our experiences from current and past setups,
| > and your feedback.
| >
| > Jari Arkko, IETF Chair
| >
| 
| 
| -- 
| Joseph Lorenzo Hall
| Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]e: joe@xxxxxxx, p: 202.407.8825, pgp: https://josephhall.org/gpg-keyFingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
| 
| CDT's annual dinner, Tech Prom, is April 6, 2016!
| https://cdt.org/annual-dinner




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]