IETF Logo Mail Archive

Re: [dnsext] afasterinternet.com trial and draft-vandergaast-edns-client-subnet-00

Martin Barry <marty@supine.com> Tue, 06 September 2011 18:51 UTC

Return-Path: <marty@supine.com>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1385221F8BEF for <dnsext@ietfa.amsl.com>; Tue, 6 Sep 2011 11:51:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cuWrddxrlRIF for <dnsext@ietfa.amsl.com>; Tue, 6 Sep 2011 11:51:32 -0700 (PDT)
Received: from tigger.mamista.net (tigger.mamista.net [IPv6:2001:470:1f05:a0f::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2186421F8BE9 for <dnsext@ietf.org>; Tue, 6 Sep 2011 11:51:32 -0700 (PDT)
Received: by tigger.mamista.net (Postfix, from userid 1012) id 727201101CE; Wed, 7 Sep 2011 04:53:18 +1000 (EST)
Received: from merboo.mamista.net (merboo.mamista.net [IPv6:2001:470:1f0b:1055::1]) by tigger.mamista.net (Postfix) with ESMTP id CC04E1100B2 for <dnsext@ietf.org>; Wed, 7 Sep 2011 04:53:15 +1000 (EST)
Received: by merboo.mamista.net (Postfix, from userid 1000) id 4219920D37; Tue, 6 Sep 2011 20:53:14 +0200 (CEST)
Date: Tue, 06 Sep 2011 20:53:14 +0200
From: Martin Barry <marty@supine.com>
To: dnsext@ietf.org
Message-ID: <20110906185314.GB26523@merboo.mamista.net>
References: <20110830162134.GB84494@shinkuro.com> <CA+9kkMCih-NWxaxBRD+9LphZEb2k+ce8NkNBm6HHubJ1kDO9TQ@mail.gmail.com> <CAMbvoaKFvxqVR2GRYxF_WOctdM=0Pdw35vqKKtDyCePdN3VM8g@mail.gmail.com> <6.2.5.6.2.20110905114918.08670a18@resistor.net> <20110906072857.GA23307@merboo.mamista.net> <CA+9kkMCqp0gMFtVtW95SUYWKKqKZMihzRErkWu7Mcyi5y+K3TQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CA+9kkMCqp0gMFtVtW95SUYWKKqKZMihzRErkWu7Mcyi5y+K3TQ@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dnsext] afasterinternet.com trial and draft-vandergaast-edns-client-subnet-00
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2011 18:51:33 -0000

$quoted_author = "Ted Hardie" ;
> 
> The current draft says:
> 
>    In any case, the response from the resolver to the client MUST NOT
>    contain the edns-client-subnet option if none was present in the
>    client's original request.  If the original client request contained
>    a valid edns-client-subnet option that was used during recursion, the
>    Recursive Resolver MUST include the edns-client-subnet option from
>    the Authoritative Nameserver response in the response to the client.
> 
> Given that, how is the client to know whether the service they are using enables
> edns-client-subnet?

You could, as Nicholas suggested, test a query with edns-client-subnet set.

However I would expect that the information these providers offer to
potential users contains advice that use of the service implies opting-in to
the forwarding of the range containing the user's IP to other services to
improve geo-IP responses. I'm sure users will read it and understand it much
like they do all the other fine print. However, I'm sure anyone who cares
about privacy to this extent is probably already too risk averse to use said
services anyway.

cheers
Marty

v2.23.0 | Report a Bug | By Email