Hi Eliot!
On Mar 15, 2016, at 12:58, Eliot Lear
<lear(_at_)cisco(_dot_)com<mailto:lear(_at_)cisco(_dot_)com>> wrote:
Yes, but we at least can spot the C&C on the Internet. See upthread about how
hard that is with Tor.
I just want to round back and check that we're all discussing the same thing.
The thread so far seems to be regards "People who use Browsers over Tor have
problems accessing IETF because CAPTCHA from IETF's Hosting Provider".
Elsewhere, other people have made clear arguments that perhaps this is an
issue, because IETF broad participation and open access, and has written
principles against surveillance.
My understanding is that you are making an argument that making life hard for
people who access IETF's website over Tor is justified, because some DDoS
botnets use Tor as command-and-control backhaul - which is not a unique
situation, other botnets use IRC, or HTTP and some with SSL.
So, yes, sometimes Tor gets used by bad people to do bad stuff. That much is
correct, and is a criticism which can actually be thrown at HTTP or the
Internet in general.
So - with this understanding - why pick on people who want to access the IETF
over Tor? Perhaps you wish to make some kind of moral stand against network
protocols which are sometimes used to do bad things?
If so, why not start with TCP?
-a