ietf
[Top] [All Lists]

Changes regarding IETF website CDN settings and TOR networks

2016-03-28 14:41:37
Based on earlier feedback on IETF discussion list, the IAOC has decided to ask 
the IETF network admins to make a change with regards to how our CDN serves 
clients coming from TOR networks.

For background, our website uses a number of techniques to help combat 
denial-of-service attacks.  One of these mechanisms was based on CAPTCHAs that 
were triggered, in particular, for some users when accessing the IETF web site 
for the first time and heuristically identified as coming from a TOR exit node. 
 Once the CAPTCHA is passed, the user was able to browse normally.  However, in 
the process of performing the CAPTCHA and accessing the IETF website, cookies 
and scripts are used, which was a concern for some users.

Information on the IETF website is meant to be public, and should be openly 
accessible for as broad consumption as technically and practically possible. 
When there are groups of people whose access to the website is for some reason 
problematic, we try to accommodate better access, no matter who makes such 
request, within the bounds of what is practical, of course, and considering the 
potential effects of denial-of-service attacks and other issues.

The change in our settings is to no longer perform CAPTCHAs or other extra 
mechanisms for clients coming from TOR networks.  Behaviour for other users 
should not be affected, though it is an open question whether any significant 
denial-of-service attacks could be launched from these networks.

Please note that the our admins are monitoring the situation, and have the 
ability to change this configuration at any time. So if the TOR exit nodes are 
the source of an attack, for instance, the configuration could be adjusted 
again. And of course, further actions regarding how the IETF website is run are 
based on our experiences from current and past setups, and your feedback.

Jari Arkko, IETF Chair

<Prev in Thread] Current Thread [Next in Thread>
  • Changes regarding IETF website CDN settings and TOR networks, IETF Chair <=