
Re: Changes regarding IETF website CDN settings and TOR networks

2016-04-01 00:33:18
IETF folks may be interested in this recent cloudflare post that outlines
some potential changes to Tor -- SHA-256 hashes for hidden service certs,
move proof-of-work into TorBrowser -- that could make this a bit more
robust against automated malicious activity (unfortunate title IMO):

http://blog.cloudflare.com/the-trouble-with-tor/

On Monday, March 28, 2016, IETF Chair <chair(_at_)ietf(_dot_)org> wrote:

Based on earlier feedback on IETF discussion list, the IAOC has decided to
ask the IETF network admins to make a change with regards to how our CDN
serves clients coming from TOR networks.

For background, our website uses a number of techniques to help combat
denial-of-service attacks.  One of these mechanisms was based on CAPTCHAs
that were triggered, in particular, for some users when accessing the IETF
web site for the first time and heuristically identified as coming from a
TOR exit node.  Once the CAPTCHA is passed, the user was able to browse
normally.  However, in the process of performing the CAPTCHA and accessing
the IETF website, cookies and scripts are used, which was a concern for
some users.

Information on the IETF website is meant to be public, and should be
openly accessible for as broad consumption as technically and practically
possible. When there are groups of people whose access to the website is
for some reason problematic, we try to accommodate better access, no matter
who makes such a request, within the bounds of what is practical, of course,
and considering the potential effects of denial-of-service attacks and
other issues.

The change in our settings is to no longer perform CAPTCHAs or other extra
mechanisms for clients coming from TOR networks.  Behaviour for other users
should not be affected, though it is an open question whether any
significant denial-of-service attacks could be launched from these networks.

Please note that our admins are monitoring the situation, and have the
ability to change this configuration at any time. So if the TOR exit nodes
are the source of an attack, for instance, the configuration could be
adjusted again. And of course, further actions regarding how the IETF
website is run are based on our experiences from current and past setups,
and your feedback.

Jari Arkko, IETF Chair



-- 
Joseph Lorenzo Hall
Chief Technologist, Center for Democracy & Technology [https://www.cdt.org]
e: joe(_at_)cdt(_dot_)org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key
Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871

CDT's annual dinner, Tech Prom, is April 6, 2016!
https://cdt.org/annual-dinner