Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-edns-isp-location-02.txt
Lanlan Pan <abbypan@gmail.com> Mon, 31 July 2017 03:06 UTC
Return-Path: <abbypan@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 87F7E131CB6 for <dnsop@ietfa.amsl.com>; Sun, 30 Jul 2017 20:06:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k0R4lw9hfm77 for <dnsop@ietfa.amsl.com>; Sun, 30 Jul 2017 20:06:04 -0700 (PDT)
Received: from mail-qt0-x241.google.com (mail-qt0-x241.google.com [IPv6:2607:f8b0:400d:c0d::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7894120724 for <dnsop@ietf.org>; Sun, 30 Jul 2017 20:06:03 -0700 (PDT)
Received: by mail-qt0-x241.google.com with SMTP id u19so14476851qtc.0 for <dnsop@ietf.org>; Sun, 30 Jul 2017 20:06:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kBT+goJrkCxgBI7jNB6/flyyHY4I3YGRD339dOmcw88=; b=RRcpJ0uVS/q0+ItkuUEMrhdsjg+UVX881eehnIpRDQfO+UKnpb5EIAUY1+7ctx6/Rh wgU8eXqzULJGAvADixlRY1qi32v3T0MaNluXuZA6IhyILk30YbYW3wXu1TaBv9iFQ0qC RbM0A+Q5Yh9m/byNpe3zuyFoezN8PGl3qBayWsKfvYMFx1o8CDRJMkGD9vaPLkSnJQd5 5IpAkvYZxPPHdvSsD/7tv6Sa54oxNf5zv54rdJoufwv9B0puACoZp5Z+yjI3wjDwikzh 1t9aImDhEPbnG+N6Xdwr8JKzCI+CIYO8RJ0554jEGF+YbqpDWlBFYiUn/DwRJsmGj73+ vtjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kBT+goJrkCxgBI7jNB6/flyyHY4I3YGRD339dOmcw88=; b=E8WyivPNoiWYq2rtGs/GRC7Pyv7jxNe3JuTkbPiAjJifl8HfPlVbBB8KCRR/TiXQ7q s8fC3taoVtU4gcMiH11WH2sYCAFBGzW4QWwbkYsOMoTh+nkDpGLrDyGraqhrOTuMvGmc NkzwTOWssjpVppGYqzD30qdUldguPqZe2HYBmotX4iex9PU4WPc0L7y1dYWxllwQbfoC chL5lMAxC+5Z9IqBvN8QizcZ9iOxGhjEZ4lIQSbYKy4jX2ZFiq/KXegWn6TCrA5O8x0u qKljVl3oXWEQM+s2PRY4qXF7zXJP3aHpSY2SKIOsPRGpNi9q4OfYZafG2UUM+P97RUOK r4JA==
X-Gm-Message-State: AIVw1130IiHkLDmpgQqMM74zNzRGNrz0Kq7xCRZSuamBvK8AjQXb7FUF HaHntAR5WA5ZPiv3I7KWj6qzo9+deI0g
X-Received: by 10.237.59.140 with SMTP id r12mr18793468qte.47.1501470362874; Sun, 30 Jul 2017 20:06:02 -0700 (PDT)
MIME-Version: 1.0
References: <150025655295.32691.13544492065984079858.idtracker@ietfa.amsl.com> <CANLjSvVFOVa77Pp=LgVqJ31mMZLL27FyvTnnrDXHUjuscOFUmQ@mail.gmail.com> <22892.32000.730535.635648@gro.dd.org> <20170728171723.6vyqrtm5enan4ttg@mycre.ws>
In-Reply-To: <20170728171723.6vyqrtm5enan4ttg@mycre.ws>
From: Lanlan Pan <abbypan@gmail.com>
Date: Mon, 31 Jul 2017 03:05:51 +0000
Message-ID: <CANLjSvXJb4rt37bNHdNgs85q6Ta7SEB07f_xVxhZCvoURFfNaA@mail.gmail.com>
To: Robert Edmonds <edmonds@mycre.ws>
Cc: dnsop <dnsop@ietf.org>, Dave Lawrence <tale@dd.org>
Content-Type: multipart/mixed; boundary="94eb2c1907b49fe6b20555944f21"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/0gl1NHm3jMbAxoyXHFHHX3tcXj8>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-pan-dnsop-edns-isp-location-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Jul 2017 03:06:07 -0000
Hi Robert, Thanks for your comments. Robert Edmonds <edmonds@mycre.ws>于2017年7月29日周六 上午1:17写道: > Hi, > > Dave Lawrence wrote: > > Have you had any feedback from authority server implementers who are > > interested in using this? > > As an authority server implementer at a CDN -- we have no interest in > using anything like this. > Fastly support Creating location-based tagging <https://docs.fastly.com/guides/vcl/creating-location-based-tagging> , offer HTTP header like Fastly-GeoIP-CountryCode for geographically sensitive content, and Geolocation-related VCL features <https://docs.fastly.com/guides/vcl/geolocation-related-vcl-features>. Fastly has something like this, give tailor HTTP response based on client ip's Geo Feature. Hope you have interest to support something like this on DNS level in the future, welcome cooperation, :-) > > I'm having a hard time picturing many CDNs wanting to switch, in no > > small part because geo is not the only goal of mapping. The > > < COUNTRY, AREA, ISP > tuple that is defined is insufficient. > > Yes, as has been made clear in previous discussion on this document. > The "sufficient" vs "not sufficent" has repeat many times. Seperate path calculation and tailor DNS response <https://github.com/abbypan/dns_test_eil#path-calculation-and-tailored-dns-response>: CDN can do all analysis based on client ip *without ECS and EIL*, because it is data provider, every client will visit. Geoip enabled ECS vs EIL <https://github.com/abbypan/dns_test_eil#eil-is-sufficient-for-geoip-enabled-authoritative-nameserver> : The < COUNTRY, AREA, ISP > tuple *can be sufficient for GeoIP-enabled Authoritative Nameserver*. See also 3 pictures in attach. > Even if it were sufficient, using only a <COUNTRY, AREA, ISP> tuple to > direct traffic makes it incumbent on the resolver operator to accurately > geolocate the client IP and faithfully transmit the result to the > authoritative operator. For user privacy concern and realistic geoip-enabled authoritative server, EIL can be an alternative feature, not many cost on geoip-enabled authoritative server to add this feature. Generally speaking, the global public dns, which make resolver's IP not close to client's IP, is the origin of "response accurate problem". Their GeoIP database's accuracy should be no less than authoritative service providers. With ECS, authoritative server incumbent to accurately geolocate the client IP. Big company with huge number of users has advantage. EIL can be more fairly for small company and third patry startup authoritative sevice if they have less accuracy GeoIP database. Common security concern, if resolver not "faithfully transmit the <COUNTRY, AREA, ISP> tuple to the authoritative operator", would it "faithfully transmit the client-subnet tuple to the authoritative operator" ? If the resolver operator is an ISP, this > proposal would give the ISP an enormous amount of counter- traffic > engineering power by spoofing the COUNTRY/AREA fields. > ISP resolver (or all type resolvers) can redirect traffic because its key position, between user and authoritative server. Use the same logic, we can imagine that, ECS can give the ISP an enormous amount of counter- traffic engineering power by spoofing the CLIENT-SUBNET fields. > -- > Robert Edmonds > -- 致礼 Best Regards 潘蓝兰 Pan Lanlan
- [DNSOP] Fwd: New Version Notification for draft-p… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Dave Lawrence
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan
- Re: [DNSOP] Fwd: New Version Notification for dra… Robert Edmonds
- Re: [DNSOP] Fwd: New Version Notification for dra… Lanlan Pan