Re: [Add] ECS privacy concerns, alternatives?
Brian Dickson <brian.peter.dickson@gmail.com> Tue, 16 April 2019 22:19 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5AE2120192 for <add@ietfa.amsl.com>; Tue, 16 Apr 2019 15:19:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3LRB2U2rd_Is for <add@ietfa.amsl.com>; Tue, 16 Apr 2019 15:19:09 -0700 (PDT)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89952120045 for <add@ietf.org>; Tue, 16 Apr 2019 15:19:09 -0700 (PDT)
Received: by mail-qt1-x82a.google.com with SMTP id v20so25191697qtv.12 for <add@ietf.org>; Tue, 16 Apr 2019 15:19:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=rFtMb/4UjltufnKb3yV44CwHzyDUrLXvK+FeMUQIr4o=; b=Y4NUFFVFNtBpn8xgb8dxknIic83LiZLECG8y3adE+utD6Re+d9Vns8dkCNsyeKHBYW AT6uJpWRSOs5HWfKDI0E3UYfvex1/jiB0PoUwiBrEkntFa08BjJkycGEwyzfmhTqDmEG XxXXPjBiStdRZmu/ANiP71K9ZZtg1t/Qtz4zcCWQjo9c3FjUyT+i2cXHcdmRHsDeaKHn eFYlnpjWj8bqQClhOtnMmSOveVo365Ym0GqfrQJA+j+JQVIuX59cFnRIU06dIJDi23cJ 0NPnIBopqMyUe2CHTOkN7WYJxkKLQJzKs/SL5+j1C1BvhsVJw1KcnrhDkaAM0zVllCtK dzVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=rFtMb/4UjltufnKb3yV44CwHzyDUrLXvK+FeMUQIr4o=; b=ol2n84weYz5EvKEozyWe4vR3RinNwzyyZGMSHvjOGyXuZ2bhPoRcuamTSOG1/xTj+v P0IY2l7oY52aY+d0d1q/Ass/aWlNQQojy2Egt75hssVWeRHAqI1pyYoDr96y8GbsSE83 K8Z0gmyMTb+vYC/HzNPKTUutzIFbhzMkI2L+XlDV3L34rPgXVQOXL1eUI1CcNGQFry4f 86lzPNQtn5ORQbIhGW6D+2Qjyhv7l4ubq97cYnzyytv4YX0aIBjjmiFtPZM4BDAcONA0 JHExQnqSV1GcMwqLTe/bEIIgRgmh+SKa55lF2tc+pdlGzGk+jXIFV4mPs32AVBJt+c0Y LqwA==
X-Gm-Message-State: APjAAAVpsTHY+R717pSYosPTGdwKDHgZrhQK17rhedFbfpAraLh/UGZm UFDqxen9qo65ge/eaHFvD4sE+dtUzgGS1HJHdkdbCHMh2cQ=
X-Google-Smtp-Source: APXvYqwv/lMbrsXcrIZYVK/OTQGRKr6++eLx/7zWhQ8d6s/V0R2L8HLg9xOrknaH4Brer5KJeg6Z1CcNU8RLlJ/AUzs=
X-Received: by 2002:ac8:1638:: with SMTP id p53mr66535099qtj.257.1555453148673; Tue, 16 Apr 2019 15:19:08 -0700 (PDT)
MIME-Version: 1.0
References: <alpine.LRH.2.21.1904101324530.9940@bofh.nohats.ca> <64aeff58-6d68-4c4f-b991-2b2f62d193a0@www.fastmail.com> <90A5C5C4-373C-4B39-80C2-C115CD23CB4D@fl1ger.de> <994839978.18707.1554973716877@appsuite.open-xchange.com> <af5f5c76-0095-65a0-39d1-d29d4bb0e906@mozilla.com> <ybl36mn8b54.fsf@w7.hardakers.net> <f9d0cd98-db0c-7f42-d351-d9a5002c4765@mozilla.com> <21C5261E-9DE0-4CFD-A949-6E91DD0C2552@cable.comcast.com> <9FDAE487-6E98-4332-BB57-A626A02A6402@cable.comcast.com> <CAH1iCiqPqWCEmT0DSyzu-DRtna_p1SZXuiK15HHyTrjnX1iUaA@mail.gmail.com> <20190416215849.59653.qmail@f3-external.bushwire.net>
In-Reply-To: <20190416215849.59653.qmail@f3-external.bushwire.net>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Tue, 16 Apr 2019 15:18:57 -0700
Message-ID: <CAH1iCirZRDBAvVoyYa9MqsGaciO=vTbgstVOVRpN=En6+KqxcA@mail.gmail.com>
To: Mark Delany <h4m@mike.emu.st>
Cc: add@ietf.org
Content-Type: multipart/alternative; boundary="0000000000006439d30586ad2832"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/UI2x0XmzB100pTbvQ4tENQvL6e4>
Subject: Re: [Add] ECS privacy concerns, alternatives?
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2019 22:19:12 -0000
On Tue, Apr 16, 2019 at 2:58 PM Mark Delany <h4m@mike.emu.st> wrote: > On 16Apr19, Brian Dickson allegedly wrote: > > > There are other ways to improve the whole ECS model by moving to GEO. > > There are other reasons for using ECS besides GEO and that is > topological proximity and path costs. > > While it is true that many are using GEO as a proxy for topology > because it's close enough for their application, e.g: > > if countryCode[ip] == "UK" then serve a London IP. > if countryCode[ip] == "AU" then serve a Sydney IP. > > > there are others who use ECS as input into path and cost metrics as > part of calculating an answer. > > They do this because latency means everything or costs mean everything > or both! Such calculations fail to work with geo-only data - > particularly if your deployment is more fine-grained than country-code > level. > > Yes, I agree with what you are saying. That's why I indicated that by "geo", I meant OPTIONALLY more fine-grained than country-level: >country and sub-country levels, e.g. ISO-3166, with 3166-1 being countries, and 3166-2 being sub-country 3-letter codes. (This may or may not be adequate for some of those currently doing ECS; however, without GEO, there is no alternative.) The original question raised by JL was what alternatives there might be to ECS, that could preserve privacy without requiring encryption? In general, the existence of two solutions, ECS and GEO, would facilitate various "consenting adults" to agree on ECS where there is reason to do so. It might be a bit more data to stuff into a query (either or both of ECS and GEO), and for the answer returned to indicate which one was used (ECS or GEO). But I think that way would support multiple use cases, including encrypted or not (according to agreements with e.g. browser vendors for inclusion on some list). So, "moving" might not mean the same thing for everyone, it is more a question of "supporting a new standard, with or without supporting an older standard".. I'm pretty sure we are not in a one-size-fits-all world here. Brian
- [Add] Mozilla's DoH resolver policy Paul Hoffman
- Re: [Add] Mozilla's DoH resolver policy nusenu
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] Mozilla's DoH resolver policy Martin Thomson
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Valentin Gosu
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Jim Reid
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Manabu Sonoda
- Re: [Add] Mozilla's DoH resolver policy Valentin Gosu
- Re: [Add] Mozilla's DoH resolver policy Ray Bellis
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Daniel Stenberg
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] Mozilla's DoH resolver policy Vladimír Čunát
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Vladimír Čunát
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy nusenu
- Re: [Add] [Ext] Mozilla's DoH resolver policy Paul Hoffman
- Re: [Add] [Ext] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] [Ext] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] [Ext] Mozilla's DoH resolver policy Brian Dickson
- Re: [Add] [Ext] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Peter Saint-Andre
- Re: [Add] Mozilla's DoH resolver policy Ted Hardie
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Ted Hardie
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Christian Huitema
- Re: [Add] Mozilla's DoH resolver policy Mark Andrews
- Re: [Add] Mozilla's DoH resolver policy Wes Hardaker
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Vittorio Bertola
- Re: [Add] Mozilla's DoH resolver policy Livingood, Jason
- Re: [Add] Mozilla's DoH resolver policy Livingood, Jason
- Re: [Add] Mozilla's DoH resolver policy Salz, Rich
- Re: [Add] Mozilla's DoH resolver policy Ben Schwartz
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Mark Delany
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Mark Delany
- Re: [Add] Mozilla's DoH resolver policy Christian Huitema
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] Mozilla's DoH resolver policy Geoff Huston
- Re: [Add] Mozilla's DoH resolver policy Ralf Weber
- Re: [Add] Mozilla's DoH resolver policy Paul Wouters
- Re: [Add] ECS privacy concerns, alternatives? Erik Nygren
- Re: [Add] ECS privacy concerns, alternatives? Joe Abley
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] ECS privacy concerns, alternatives? Joe Abley
- Re: [Add] ECS privacy concerns, alternatives? Paul Hoffman
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson
- Re: [Add] Mozilla's DoH resolver policy Hollenbeck, Scott
- Re: [Add] Mozilla's DoH resolver policy Adam Roach
- Re: [Add] ECS privacy concerns, alternatives? Puneet Sood
- Re: [Add] ECS privacy concerns, alternatives? Erik Kline
- Re: [Add] ECS privacy concerns, alternatives? Brian Dickson