Re: [dnsext] Possible alternatives to draft-vandergaast-edns-client-ip-00.txt ?
Ted Hardie <ted.ietf@gmail.com> Wed, 03 February 2010 20:21 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DE22F3A6978; Wed, 3 Feb 2010 12:21:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.808
X-Spam-Level:
X-Spam-Status: No, score=-2.808 tagged_above=-999 required=5 tests=[AWL=-2.313, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N8Det1k9gTvz; Wed, 3 Feb 2010 12:21:47 -0800 (PST)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id 7B6043A6A3C; Wed, 3 Feb 2010 12:21:43 -0800 (PST)
Received: from majordom by psg.com with local (Exim 4.71 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1NcleS-0009uo-ET for namedroppers-data0@psg.com; Wed, 03 Feb 2010 20:16:40 +0000
Received: from [209.85.216.204] (helo=mail-px0-f204.google.com) by psg.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <ted.ietf@gmail.com>) id 1NcleP-0009uU-Pv for namedroppers@ops.ietf.org; Wed, 03 Feb 2010 20:16:38 +0000
Received: by pxi42 with SMTP id 42so2805325pxi.5 for <namedroppers@ops.ietf.org>; Wed, 03 Feb 2010 12:16:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=iOXYrDLpv31Z9MbOUSlbEMVbj5SChAyfPd+C4wlyIpc=; b=Ekw13h/hx3fxuP1eWGGmQ5hBzmkiBq3yE1ofpYCzItiZ2Mz+p2zMC6Jl7d0lATwsnT Ykd63Ned+2hcN20YCYO81bxlzflbpCKSDGsxKZthUyCX9ZKE9f1nLGoRPcfEn/QQBQKi 33ZIiqNQWxksyFoSe/xmFWGZc/L6UbPULxTRU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=CCqc12jLOtg5MOB0qXPM9NIdEqZPp3fLUgZEa3ksSC4uxCln9MJtUQXnAb4HupiRkQ mfwxgnPQBY8WBnE5zhtvgxGox8gIMRV5YboHH9IJEV+jXgxdFdof3ZTCrH8zYiWBGjZM Wxlg330uwQ8pV5KNkHOMXsXhHbxdFbzlOn6ik=
MIME-Version: 1.0
Received: by 10.142.118.20 with SMTP id q20mr43095wfc.135.1265228197517; Wed, 03 Feb 2010 12:16:37 -0800 (PST)
In-Reply-To: <3e1abd2c1002030906pec73aj9844392880568457@mail.gmail.com>
References: <3e1abd2c1002030906pec73aj9844392880568457@mail.gmail.com>
Date: Wed, 03 Feb 2010 12:16:37 -0800
Message-ID: <6e04e83a1002031216i669a6631u2b132b67a0ed6dbb@mail.gmail.com>
Subject: Re: [dnsext] Possible alternatives to draft-vandergaast-edns-client-ip-00.txt ?
From: Ted Hardie <ted.ietf@gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: namedroppers@ops.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
List-Unsubscribe: To unsubscribe send a message to namedroppers-request@ops.ietf.org with
List-Unsubscribe: the word 'unsubscribe' in a single line as the message text body.
List-Archive: <http://ops.ietf.org/lists/namedroppers/>
Hi Brian, Some comments in-line. On Wed, Feb 3, 2010 at 9:06 AM, Brian Dickson <brian.peter.dickson@gmail.com> wrote: > If we're uncomfortable with sending client IP addresses to authority > servers, how can similar results be achieved? > > This is similar to a problem in routing system design, which has been > looked at by the IRTF folks. > > It boils down to three choices - push, pull, or publish/query. > > All three have issues of scaling, timeliness, and > reliability/resiliency/shared-fate. > > Sending client IP (however you try to anonymize it) is a "push". > > Having the authority server(s)/CDN(s) somehow inform all the resolvers > in the world of their individual geo-ip (etc) boundaries (I don't even > know how that would even be possible) would be "pull", or "reverse > push". > I can imagine a different mix here that has the geo-ip boundaries published only to the interested resolvers. A resolver is "interested" whenever it has a query for which localization is available; the problem is that it induces latency. Imagine a resolver sending a query for an RR to the relevant authoritative server; it gets an answer and additional data that localization data is available. An interested resolver can then request the localization data and serve the localized answer instead of the original answer. This unfortunately generates at least one additional round-trip plus the processing time. If resolvers chose not to get localized data when the requester was local (presuming that the original answer had been localized to the resolvers IP), then this also leaks the information that the resolver thought the requester was local. This may fall into your publish/query model, but it seems slightly different. > The third alternative would be "publish/query". > > It could conceivable be done in a manner that would achieve some > manner of scalability, some transparency regarding privacy issues, and > presumably good interoperability with adequate backward compatibility. > > The exact mechanisms for signaling/negotiating usage of the mechanism > would likely be similar to draft-vandergaast-edns-client-ip-00.txt, > i.e. using EDNS[01] as an in-band, in-packet channel. (The alternative > would require additional look-ups.) > > The "publish" part would be that the geo-ip information used by such > CDN networks, would be published in a DNS zone somewhere, probably in > a format similar to in-addr.arpa and ip6.arpa, but under its own > domain or sub-domain. > > There would be one "tree" of geo-ip information per geo-ip provider, > whether that be internal to a CDN, or by a geo-ip provider, or whoever > else wants to do it themselves. > > The RR's in those trees would be "nonce" values, each representing an > equivalence class of whatever geographic location+granularity the > geo-ip provider identifies as being "the same". A set of IP addresses > the geo-ip provider thinks are "close" would share a nonce. > > The resolver would need to know which geo-ip tree to query, probably > signaled by either an EDNS[01] value (DNS label of the root of the > tree), or some kind of RR. > > The resolver would then look up (either in its cache, or directly) the > client's IP, to determine the nonce. > > The resolver would then attach the nonce in an EDNS[01] option to the > query, and the authority server would return an appropriate result. > > The use of the nonce effectively anonymizes the query/answer. > Doesn't this depend on the size of the set of IP addresses the geo-ip provider thinks is close? What if the set sharing a nonce is still a /24? > The use of the same tree for many authoritative zones effectively > further anonymizes the geo-ip lookups, since the likelihood of the > nonce being found in-cache increases monotonically over time. > > Paranoid clients can do lookups to well-known "safe" zones, or even > the geo-ip providers' nonce trees directly, to prime the cache, before > doing "real" lookups, e.g. of their <illegal goods/services > provider>'s web site. > > Comments on this idea? > > Anyone think it is worth pursuing? > > Brian > > I think it is very useful to think about the problem space more generally, rather than starting out with a solutions draft. regards, Ted Hardie
- [dnsext] Possible alternatives to draft-vandergaa… Brian Dickson
- Re: [dnsext] Possible alternatives to draft-vande… Ted Hardie
- Re: [dnsext] Possible alternatives to draft-vande… George Barwood
- Re: [dnsext] Possible alternatives to draft-vande… Brian Dickson