Michael StJohns wrote:
I'm still trying to wrap my head around an "I must not be caught"
protocol designer.
Funny, but I thought the target of the documents was "implementers". While
it is easy to look around an IETF meeting and start to believe that the
documents are "by and for protocol designers", that should not be the case.
It should also not be hard to believe in an "I must not be caught"
implementer an app that used IPsec.
John C Klensin wrote:
...
Noting the above including the repeatedly-asked question of who needs
this and why the IETF should assume the costs and also noting that we've
discontinued mechanisms for accessing IETF materials when too few people
were using them
The flip side of that is that having a Tor router implemented as suggested
would provide the appropriate count of how much it gets used.
(the RFC printing and (postal) mailing service being only
the most prominent
example), let me suggest something far more simple: It has
been firm IETF policy for a very long time that there are no restrictions
on
mirrors of IETF files and data and redistribution of IETF mailing lists.
True, but that in itself constitutes an attack vector. If someone wanted to
subvert anyone that was trying to use Tor to access the IETF documents, the
easiest thing to do would be to create the proposed mirror, but make subtle
and incompatible changes to the documents so that any implementation based
on them would fail. If the implementer had no way to reference the correct
documents without exposing themselves, they would never know there was a
change.
Assuming that the sum of the number of people who want or need to access
IETF materials via TOR and the number of people who feel strongly about
helping the first group(s) protect themselves is non-trivial (from the
amount of impassioned discussion on the topic, we already know that sum
is not-zero), why don't those people simply set up an appropriate mirror,
establish whatever access mechanisms that suit their needs and
requirements, and go happily on their way?
I would argue that the community of implementers that believed they need Tor
access would be better served by knowing the documents came from the 'source
of truth' on the matter, and that any future questions about usage quantity
would be easy to answer.
That would avoid both the stresses on IETF services and staff that concern
Mike (and me) but also any disclosure to IETF personnel about who was
using the service and why -- disclosure that, under the proposed privacy
policy, might become public information.
While I agree that this is likely best set up, tested, and well documented
by 'motivated volunteers', I don't believe that pushing the entire operation
out the door is the correct response. If the privacy policy would disclose
who and why this was being used, it probably needs tuning up anyway. The
only thing that should be exposed about an explicitly 'anonymous access
path' is the count of users. Disclosing where, why, or what, would only
serve to curtail usage as a means to justify shutting it down. That said,
there would likely need to be policy about who has access to the information
that the Tor node knows, to avoid accidental release of information.
Tony