Re: I-D Action: draft-pauly-httpbis-geoip-hint-01.txt
David Schinazi <dschinazi.ietf@gmail.com> Fri, 25 October 2024 23:58 UTC
References: <172930911536.1572955.2338773880607790380@dt-datatracker-78dc5ccf94-w8wgc> <SA1PR15MB43709DBA4D4E98D8D9CC2D81B34C2@SA1PR15MB4370.namprd15.prod.outlook.com> <CAPDSy+4CWcJOK+w31xcd7WRkZS--YpAHOJQ+3LU2uL2Srg1Gng@mail.gmail.com> <SA1PR15MB4370790CAA0D22823698F7A3B34E2@SA1PR15MB4370.namprd15.prod.outlook.com> <CAPDSy+61e8-uc1uFoK4PFWj_FLtQkWY+UXRZTf3bctQESX53uA@mail.gmail.com> <CA+9kkMDe4zG9-u5SPSS8xsKQ2uZwzyrNGD=GnPaC0+bqjWne8g@mail.gmail.com>
In-Reply-To: <CA+9kkMDe4zG9-u5SPSS8xsKQ2uZwzyrNGD=GnPaC0+bqjWne8g@mail.gmail.com>
From: David Schinazi <dschinazi.ietf@gmail.com>
Date: Fri, 25 Oct 2024 16:57:29 -0700
Message-ID: <CAPDSy+4g4YX9sz19GADAMxoQw8rWRRx05-KPsXN6oMCDX4iTnw@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Ben Schwartz <bemasc@meta.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, Watson Ladd <watsonbladd@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Archived-At: <https://www.w3.org/mid/CAPDSy+4g4YX9sz19GADAMxoQw8rWRRx05-KPsXN6oMCDX4iTnw@mail.gmail.com>
Hi Ted,

While going back to the drawing board can be sad, I'm definitely open to it. We have specific design requirements, but we're not wedded to any particular solution.

I'm not sure I understand your alternative proposal though. In today's world, privacy proxies already publish their egress IPs publicly along with the corresponding geos. (For example, Apple's is at [1].) One issue is that everyone hasn't ingested that list, but that could be solved over time. The other issue is that we'd like to reduce the granularity of this published mapping. This has two advantages: first it saves the proxy provider money now that IPv4 addresses are expensive, and second it improves privacy - because now the egress IP has a more coarse geographic mapping, and only the servers that request the client hint get access to the more detailed location. The browser can also now choose to refuse to send the client hint if it determines that the server shouldn't have this information. Unless I'm misunderstanding your proposal, it doesn't provide either of these two advantages.

David

[1] https://mask-api.icloud.com/egress-ip-ranges.csv

On Fri, Oct 25, 2024 at 6:54 AM Ted Hardie <ted.ietf@gmail.com> wrote:

> Thanks to Tommy for his previous comments; since this occurs later in the thread and addresses one of the points I made as well, I'm choosing to answer here, but I have read the full thread to this point.
>
> On Thu, Oct 24, 2024 at 9:54 PM David Schinazi <dschinazi.ietf@gmail.com> wrote:
>
>> Hi everyone,
>>
>> I'm realizing I've been using some terminology without defining it, leading to some confusion. Let's create a distinction between two distinct kinds of IP-hiding technologies.
>>
>> 1) privacy proxies. Examples of these include Google's IP Protection and Apple's iCloud Private Relay. These are affiliated with a browser, and integrated pretty tightly with that browser (and/or operating system). The goal of these is to prevent websites from having access to the user's IP address, because that represents a stable tracking identifier. However, these privacy proxies do not try to hide the user's coarse location. They look at the client's IP address, map that to a city (for Google, we map it to the closest grouping of 500'000 people for example), and then the privacy proxy picks an egress IP address that's registered to that city in a public geofeed. While websites have lost the ability to see the client's IP address, they can still access the client's coarse location. Note that this coarseness is often configurable by the user.
>>
>
> Combined with Tommy's answer, what we see is a problem with data known to the geo-ip database about the egress IP selected by the privacy proxy. If it is stale or wrong, the client gets a worse experience. You want to improve that experience by having the privacy proxy select the location (based on its knowledge of source IP) rather than the server select it based on its geo-ip lookup of the egress IP. This would presumably also allow the privacy proxies to use fewer egress IPs.
>
> The difficulty I have here is that your technical solution is in no way limited to that deployment. As Ben's pointed out, there are a bunch of related deployments in which a standard VPN provider might want the same thing, and I am sure that once this is standardized we will see it used in places where there is no proxy in use at all (enterprises, for example, using DHCP location on the device to populate this and then give location-appropriate responses at service portals etc.).
>
> If we step back to the key issue, a completely different approach would be for a service to indicate its willingness to get crowd-sourced geofeeds from privacy proxies or other intermediaries. Those intermediaries could test for that service and provide an up-to-date and appropriate geolocation for their egress IPs. That sorts the issue of the geolocation being stale in a database by allowing for the creation of a local database that is correct, but leaves the rest of the system as it is. That approach has its own technical issues (you'd need to manage authentication, for example by a return routability check), but the simple fact that there are completely different approaches is why I want to push us back to the architectural discussion.
>
> I'm sure that's not terribly welcome feedback given that this document has already been percolating for 2 years, but I think that there is ample evidence that folks would be willing to engage in the discussion if you wanted to set up a design-team mailing list and hash it out.
>
> Thanks again for your willingness to engage and on the improvements and comments to date.
>
> regards,
>
> Ted Hardie
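The arrangement David describes above (a deliberately coarse public egress-IP geofeed, with the finer location only reaching servers that request the client hint) leaves a server-side check that a practitioner would want and that the thread does not spell out: a hint is only worth anything if the connection's peer address actually falls inside a published proxy egress range, and it should not contradict the coarse entry the operator published for that range. The following Python is an added example, not code from the draft, from Apple or from Google. It assumes the operator's feed uses the RFC 8805 geofeed CSV layout (prefix,country,region,city,postal), that the published mapping stops at region level, and that the web framework has already parsed the hint header into a dict with "country", "region" and "city" keys; the header name is left out because the logic does not depend on it. The sample feed is constructed from documentation prefixes.

```python
"""Server-side consumption of a privacy-proxy geolocation hint.

Added example, not code from draft-pauly-httpbis-geoip-hint or from any
proxy operator. Assumptions: the egress feed is RFC 8805 CSV
(prefix,country,region,city,postal), it is published at region granularity
only, and the finer hint arrives pre-parsed as a dict.
"""
from __future__ import annotations

import csv
import ipaddress
from dataclasses import dataclass
from io import StringIO
from typing import Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample feed using documentation prefixes (RFC 5737, RFC 3849).
# Only country and region are published: this is the "reduced granularity"
# public mapping the thread describes.
SAMPLE_GEOFEED = """\
# prefix,country,region,city,postal
192.0.2.0/25,US,US-CA,,
192.0.2.128/25,US,US-NY,,
2001:db8:1::/48,FR,FR-IDF,,
"""


@dataclass(frozen=True)
class GeoEntry:
    prefix: Network
    country: str
    region: str
    city: str
    postal: str


@dataclass(frozen=True)
class Resolved:
    country: Optional[str]
    region: Optional[str]
    city: Optional[str]
    source: str  # "geofeed", "hint", "rejected" or "none"


def parse_geofeed(text: str) -> list[GeoEntry]:
    """Parse RFC 8805 CSV; '#' lines are comments, short rows are padded."""
    entries = []
    for row in csv.reader(StringIO(text)):
        if not row or row[0].lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in (row + [""] * 5)[:5]]
        # strict=True: a prefix with host bits set is a malformed feed line;
        # failing loudly beats silently widening the range.
        net = ipaddress.ip_network(fields[0], strict=True)
        entries.append(GeoEntry(net, *fields[1:]))
    return entries


def lookup_egress(entries: list[GeoEntry], peer_ip: str) -> Optional[GeoEntry]:
    """Longest-prefix match of the transport peer address against the feed."""
    addr = ipaddress.ip_address(peer_ip)
    best = None
    for e in entries:
        if addr.version == e.prefix.version and addr in e.prefix:
            if best is None or e.prefix.prefixlen > best.prefix.prefixlen:
                best = e
    return best


def resolve_location(entries: list[GeoEntry], peer_ip: str,
                     hint: Optional[dict] = None) -> Resolved:
    """Decide which location, if any, the server should act on.

    Peer not in a known egress range: nothing vouches for the hint, so it is
    ignored and the server falls back to whatever it did before (None here).
    Peer in an egress range, no hint: the coarse published entry.
    Peer in an egress range with a hint: accept the hint only if it agrees
    with the published country and region; a contradicting hint is treated
    as spoofed and the coarse entry is used instead.
    """
    entry = lookup_egress(entries, peer_ip)
    if entry is None:
        return Resolved(None, None, None, "none")
    if not hint:
        return Resolved(entry.country, entry.region, entry.city or None, "geofeed")
    consistent = hint.get("country") == entry.country and (
        not entry.region or hint.get("region") == entry.region
    )
    if consistent:
        return Resolved(hint.get("country"), hint.get("region"), hint.get("city"), "hint")
    return Resolved(entry.country, entry.region, entry.city or None, "rejected")


if __name__ == "__main__":
    feed = parse_geofeed(SAMPLE_GEOFEED)
    print(resolve_location(feed, "192.0.2.10"))
    print(resolve_location(feed, "192.0.2.10",
                           {"country": "US", "region": "US-CA", "city": "San Jose"}))
    print(resolve_location(feed, "192.0.2.10",
                           {"country": "US", "region": "US-NY", "city": "New York"}))
    print(resolve_location(feed, "203.0.113.5",
                           {"country": "FR", "region": "FR-IDF", "city": "Paris"}))
```

The consistency rule is what makes the coarse public feed and the fine hint complement each other: the feed bounds what any hint from that egress range may claim, so a client that is not behind the proxy (or a proxy user tampering with the header) cannot relocate itself outside the region the operator vouched for. Whether a given operator's published file uses exactly the RFC 8805 columns, and how the hint is encoded on the wire, are the two things to confirm against the operator's documentation and the draft before reusing this.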