Re: [DNSOP] FW: New Version Notification for draft-pan-dnsop-edns-isp-location-00
Lanlan Pan <abbypan@gmail.com> Mon, 20 March 2017 03:41 UTC
Return-Path: <abbypan@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 524C9129462 for <dnsop@ietfa.amsl.com>; Sun, 19 Mar 2017 20:41:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G4TdeafSmQbm for <dnsop@ietfa.amsl.com>; Sun, 19 Mar 2017 20:40:59 -0700 (PDT)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE4A812953F for <dnsop@ietf.org>; Sun, 19 Mar 2017 20:40:58 -0700 (PDT)
Received: by mail-wm0-x229.google.com with SMTP id t189so54284598wmt.1 for <dnsop@ietf.org>; Sun, 19 Mar 2017 20:40:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gdU9kLqeXrT1Bp+S+MtstVvcUwuxtvkYGsuli0RtCu4=; b=WK648Eo14FEyS85760JY43byneqXkcucVXCB1Gsfi0XUV7iHnJWK0wXq7JV4WO1gpg k9FKpF2pTxuoUrl8+49+XMf8NXMLmCuuqI2fw2kufBb3okAL0+48RSNCFa8EBBNK7XD1 Gqb8ZLjOVTq3ao6HeQU1aKEXoo4DQuiF8psy3Ph21wnZA9oCkrQ8DLnp20Iki6PfDwl7 gYiqO8Mr/sWxknZFnc8BgcJ6PQ1w1eRi05rMlhEw0fcrmDYsvIUwKFrjCP0HlFfJzXKf j8V9/GebqZ/6GeO6rXocK6nf1KpuYGoI1c91ZAd74npMbcQ1FTrQfYMP9Q/GJ28VKW08 cc0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gdU9kLqeXrT1Bp+S+MtstVvcUwuxtvkYGsuli0RtCu4=; b=VHF1THc2YZYhXJlS0l81stmu2kEQS+cxSczfV9sr1TNeGkTepf7BO03apMmXEqw8aC txI989iLAlEKu09DO5hltNRihVcw2dVDxN/p5xhvUu3vh+Z+y7oKB3hzaAAOu1b4mqwG S/q1WDdNyJZIh7BJL+eeiHjetAiMmpgyqwoSPZ9hF10qd3z6R5+qCDc6BIdonSbweT1s RiwI2LFgbqlRqvAov+lfie1cLNNukrqtDRCoCdkBVJgJh4XS+xvSpXdKzUW9ntE2UeC0 kPQQRZGNaEV+egrjSm6YK7j9h+/kZzXFcGnCd0iRUy0bKx+N6cyO8sT0QVtTl9559KB2 utsg==
X-Gm-Message-State: AFeK/H0Tw6yhEBSIlwWvV7Fe1/t85klzAkwGs1zdz848fM8FicfrHWpKDQ2CjaYaPiPXZlv3Gh9L/mHaZHq22w==
X-Received: by 10.28.152.11 with SMTP id a11mr8007679wme.64.1489981257301; Sun, 19 Mar 2017 20:40:57 -0700 (PDT)
MIME-Version: 1.0
References: <000f01d29dfe$50b6b190$f22414b0$@cn> <CANLjSvXGO3rSpqb7hzwmV=vfm=UTHnQYqfBmt=uD9Mi8cL59Jg@mail.gmail.com> <CAHw9_i+bgm=h144Qga1_y2Rdgxgzff1dxeVo2+e4AR-gKtVJ3Q@mail.gmail.com>
In-Reply-To: <CAHw9_i+bgm=h144Qga1_y2Rdgxgzff1dxeVo2+e4AR-gKtVJ3Q@mail.gmail.com>
From: Lanlan Pan <abbypan@gmail.com>
Date: Mon, 20 Mar 2017 03:40:46 +0000
Message-ID: <CANLjSvXUXVj7yipc5-OtgJpaOAWM8=xtg_pCfemZ1Hrnv9iPLQ@mail.gmail.com>
To: Warren Kumari <warren@kumari.net>
Cc: dnsop <dnsop@ietf.org>, "fuyu@cnnic.cn" <fuyu@cnnic.cn>
Content-Type: multipart/alternative; boundary="001a114b94129043ae054b214b39"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/j9wFaBVUaDfQTpuGRIiffB9zu4g>
Subject: Re: [DNSOP] FW: New Version Notification for draft-pan-dnsop-edns-isp-location-00
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Mar 2017 03:41:02 -0000
Hi Warren, Obviously we all know that network topology is not equal to physical topology. To give "most precisely" for authoritative servers to decide most satisfied "network topology", ECS use client subnet. At NDSS there is a question that "why not directly use AS number" ? client subnet can be maped into AS number, which is used for bgp route at network topology. My answer was that AS4134 cover multiple provinces in china, from south China to north China, 2000+ kilometers physical distance, also, with long latency at network topology. As the maxmind ip geo database showed in the slide, my key point is that, the "country, province, isp" information can offer the same "network topology" information like client subnet. We tell Authorative servers that, "I want to know what is most satisfied ip address for clients from CHINA, BEIJING, TELECOM at network topology". But not "I want to know what is the nearest ip address for clients from CHINA, BEIJING, TELECOM at physical topology". Thanks Lanlan & Yu. Warren Kumari <warren@kumari.net>于2017年3月18日周六 下午5:08写道: > On Sat, Mar 18, 2017 at 2:57 AM, Lanlan Pan <abbypan@gmail.com> wrote: > > Hi all, > > > > In NDSS 2017 DNS Privacy Workshop, I presented a EIL option as an > > alternative privacy improvement for ECS. > > Yes, and at NDSS I provided the following feedback (which perhaps you > misunderstood) > > Much of the reason that CDNs (and similar) perform things like ECS / > geo-IP is not because they want to know where the user physically is, > but because they want to provide the fastest, lowest latency > responses; physical topology is not the same as network topology... > > RFC7871 makes this quite clear, for example: > > Topologically Close: Refers to two hosts being close in terms of the > number of hops or the time it takes for a packet to travel from > one host to the other. The concept of topological distance is > only loosely related to the concept of geographical distance: two > geographically close hosts can still be very distant from a > topological perspective, and two geographically distant hosts can > be quite close on the network. > > and wherever it talks about "close" it says things like "are > reasonably close in the topological sense" or "topologically close". > > > A pathological case is Fiji -- there are multiple ISPs, but very > little local peering (at least when I was last there) -- this means > that to get from one ISP to the other requires going down Southern > Cross, making a U-turn in Australia, and then going back up Southern > Cross. Geolocating a user on one ISP to a cache in another ISP would > add an additional 2 trips across SC, or ~4,000miles, or 6,400KM. > > A less pathological case is my home -- I'm right near Ashburn, > Virginia, USA (near Ashburn Equinix and many other datacenters), but > my "closest" (in terms of network topology) caches are in Atlanta, GA, > 643miles away.... > > W > > > > > > > > The paper and slide are attached. Test code in github : > > https://github.com/abbypan/dns_test_eil > > > > Any comments or suggestions will be appreciated. > > > > Regards. > > > > Yu Fu <fuyu@cnnic.cn>于2017年3月16日周四 上午10:37写道: > >> > >> Hi all, > >> > >> We have submitted a new draft as draft-pan-dnsop-edns-isp-location-00. > >> This document is an improved solution for ECS(RFC7871), describes an > EDNS > >> ISP Location (EIL) extension to address the privacy problem of ECS, > find the > >> right balance between privacy improvement and user experience > optimization. > >> EIL is defined to convey ISP location information that is relevant to > the > >> DNS message. It will provide sufficient information for the > Authoritative > >> Server to decide the response without guessing geolocation of the IP > >> address. > >> > >> Your comments are appreciated. > >> > >> Thanks > >> Lanlan & Yu > >> > >> >-----Original Message----- > >> >From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org] > >> >Sent: Monday, March 13, 2017 6:07 PM > >> >To: Pan Lanlan; Lanlan Pan; Yu Fu > >> >Subject: New Version Notification for > >> > draft-pan-dnsop-edns-isp-location-00.txt > >> > > >> > > >> >A new version of I-D, draft-pan-dnsop-edns-isp-location-00.txt > >> >has been successfully submitted by Yu Fu and posted to the IETF > >> > repository. > >> > > >> >Name: draft-pan-dnsop-edns-isp-location > >> >Revision: 00 > >> >Title: ISP Location in DNS Queries > >> >Document date: 2017-03-13 > >> >Group: Individual Submission > >> >Pages: 14 > >> >URL: > >> > > https://www.ietf.org/internet-drafts/draft-pan-dnsop-edns-isp-location-00.txt > >> >Status: > >> > https://datatracker.ietf.org/doc/draft-pan-dnsop-edns-isp-location/ > >> >Htmlized: > >> > https://tools.ietf.org/html/draft-pan-dnsop-edns-isp-location-00 > >> > > >> > > >> >Abstract: > >> > This document describes an Extension Mechanisms for DNS (EDNS0) > >> > option that is in active use to carry information about the network > >> > that originated a DNS query and the network for which the subsequent > >> > response can be cached. > >> > > >> > It is inspired by EDNS Client Subnet (ECS) with some privacy > >> > considerations, goals to reduce the "guess geolocation of client's > >> > IP" work on Authoritative Nameservers. > >> > >> > >> > >> > >> > >> The IETF Secretariat > >> > >> > >> _______________________________________________ > >> DNSOP mailing list > >> DNSOP@ietf.org > >> https://www.ietf.org/mailman/listinfo/dnsop > > > > -- > > 致礼 Best Regards > > > > 潘蓝兰 Pan Lanlan > > > > _______________________________________________ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > > > > > > -- > I don't think the execution is relevant when it was obviously a bad > idea in the first place. > This is like putting rabid weasels in your pants, and later expressing > regret at having chosen those particular rabid weasels and that pair > of pants. > ---maf > -- 致礼 Best Regards 潘蓝兰 Pan Lanlan
- [DNSOP] FW: New Version Notification for draft-pa… Yu Fu
- Re: [DNSOP] FW: New Version Notification for draf… Lanlan Pan
- Re: [DNSOP] FW: New Version Notification for draf… Warren Kumari
- Re: [DNSOP] FW: New Version Notification for draf… Barry Raveendran Greene
- Re: [DNSOP] FW: New Version Notification for draf… Lanlan Pan
- Re: [DNSOP] FW: New Version Notification for draf… Paul Vixie
- Re: [DNSOP] FW: New Version Notification for draf… Lanlan Pan
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Petr Špaček
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Brian Hartvigsen
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Lanlan Pan
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Ask Bjørn Hansen
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Lanlan Pan
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Ask Bjørn Hansen
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Lanlan Pan
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Paul Vixie
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Lanlan Pan
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Paul Vixie
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Lanlan Pan
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Barry Raveendran Greene
- Re: [DNSOP] [dns-privacy] FW: New Version Notific… Lanlan Pan