IETF Logo Mail Archive

Re: Call for Adoption: draft-pauly-httpbis-geoip-hint

Martin Thomson <mt@lowentropy.net> Tue, 06 September 2022 00:32 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6F69C1524DB for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 5 Sep 2022 17:32:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.758
X-Spam-Level:
X-Spam-Status: No, score=-2.758 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=Ge8YxecJ; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=3SUe6VAy
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jvwMlmfdzKxz for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 5 Sep 2022 17:32:44 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7238DC1524D3 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 5 Sep 2022 17:32:43 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1oVMTC-00E3wo-3T for ietf-http-wg-dist@listhub.w3.org; Tue, 06 Sep 2022 00:29:38 +0000
Resent-Date: Tue, 06 Sep 2022 00:29:38 +0000
Resent-Message-Id: <E1oVMTC-00E3wo-3T@lyra.w3.org>
Received: from mimas.w3.org ([128.30.52.79]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <mt@lowentropy.net>) id 1oVMTA-00E3vq-Tt for ietf-http-wg@listhub.w3.org; Tue, 06 Sep 2022 00:29:36 +0000
Received: from wout3-smtp.messagingengine.com ([64.147.123.19]) by mimas.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <mt@lowentropy.net>) id 1oVMT9-009u6n-0W for ietf-http-wg@w3.org; Tue, 06 Sep 2022 00:29:36 +0000
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 4C4C632008C3 for <ietf-http-wg@w3.org>; Mon, 5 Sep 2022 20:29:22 -0400 (EDT)
Received: from imap41 ([10.202.2.91]) by compute3.internal (MEProxy); Mon, 05 Sep 2022 20:29:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm2; t=1662424161; x=1662510561; bh=/lBu3IFHJT /oOAaFe/dtZ91GVKA9tdnXE7/mnm9dBtk=; b=Ge8YxecJWPKoqLKtgThFbFuTds QkSDd6cIyG511sP8BmQVgqhB1bnGLNPXuZgJawQ4E19jGm94dCiIwfSGfVHRLbog Sb75pB4XfWzBPaZrVMKubrm68y9vEmNOmqsQAPWfcvBWMRLY50mbHUhID3xzsBBB 0TC5Jf6iecsEXI6d/glruiI4KxbtKKFK5bjJ39LRdwrHOIMyb7TtHldMzMewxheJ D0Ku2njZi7efeBeXq1dN7VydWQB6B8i6bp/FA+NAgw3YWOPSel1N9nVUlNLvCe53 /g4YOedM6H+irZqC3Agfc+xo86pyjh/wyy5QvnU4L04tGQgZBew4a7dAF6bA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1662424161; x=1662510561; bh=/lBu3IFHJT/oOAaFe/dtZ91GVKA9 tdnXE7/mnm9dBtk=; b=3SUe6VAyLgaardIfvKmbU81cTrs6GJYXdlVqnsm2rJD0 YOJX5ZReKMNN1n/nXtEfF2L5iYc5N7hQ6gZ6e68sKYI9pk1XB1Xfa4RZTvqElyTh dG5kSCxvXle8UlRrHSgEz7/iQhGjPt7DeadvifvCik9NKQ1rywUNechbcVD7I+Gu wI9rzp6NTZ87BZjumq9p4axRwCsZy4fobxcV0bAXmN0GZHm4FX9EptIkcox3HH35 Yoe5JM6/5XZk0PxQbmJZJXy6vt3Y9IFsUIuqosqZl7qE4vUTE2+ofiHeVwUJT1nW w3ihBBx2sm9538xMSrY0VByN0xY+A9qFUsMAacrsnQ==
X-ME-Sender: <xms:YZQWY4GvGWEXCEOT20rCN69KpuIQihF5ZD4efIW7lMh02QXtoFngYQ> <xme:YZQWYxW8f1yC_Wpm_q-nLfWHFRY9pKfLr4083P0bR5bhsagf3zMf3nn4NQNKKF2mj dItAqXfVyqi_7wLnig>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdeljedgfeegucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtsehttd ertderredtnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucggtffrrghtthgvrhhnpeevjeehtdegtdetiedvje eflefhheetudfgueeiveduuddvveejtdejteefffekudenucffohhmrghinhepihgvthhf rdhorhhgpdhmnhhothdrnhgvthenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpehmtheslhhofigvnhhtrhhophihrdhnvght
X-ME-Proxy: <xmx:YZQWYyJLGrZvIvpxpML4F9rL7VwvrIzEFOH3WqZFluRjgeUn97MnIg> <xmx:YZQWY6H17Sz8uij3kn2yxIb0Uz7NcgIT6tXoavlWrlZqN0WqnrtndA> <xmx:YZQWY-X_rzbqaNlY2ORdU8s8sRPzx3rNc4ZIlSXuA2ETj6_o-mKvKw> <xmx:YZQWY2gpRoErfjPzjZTuEVhy9TDF8jGxHrMz0T51XhHMgK03E2rzng>
Feedback-ID: ic129442d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 96EE5234007B; Mon, 5 Sep 2022 20:29:21 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.7.0-alpha0-927-gf4c98c8499-fm-20220826.002-gf4c98c84
Mime-Version: 1.0
Message-Id: <7eb4e0f8-a388-4ea3-8d9a-89777c69f515@betaapp.fastmail.com>
In-Reply-To: <CA+9kkMBbzXUDTmXnp7KRXdKUTdHn5HjjDLBjwkwHYT3-yiKheg@mail.gmail.com>
References: <694DD6A2-5191-488C-8A93-FE670992204D@mnot.net> <CA+9kkMBbzXUDTmXnp7KRXdKUTdHn5HjjDLBjwkwHYT3-yiKheg@mail.gmail.com>
Date: Tue, 06 Sep 2022 10:29:01 +1000
From: Martin Thomson <mt@lowentropy.net>
To: ietf-http-wg@w3.org
Content-Type: text/plain
Received-SPF: pass client-ip=64.147.123.19; envelope-from=mt@lowentropy.net; helo=wout3-smtp.messagingengine.com
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=lowentropy.net), signature is good
X-W3C-Hub-DKIM-Status: validation passed: (address=mt@lowentropy.net domain=messagingengine.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-9.8
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: mimas.w3.org 1oVMT9-009u6n-0W 4779a5598753408b7fd4aae170a6cefd
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Call for Adoption: draft-pauly-httpbis-geoip-hint
Archived-At: <https://www.w3.org/mid/7eb4e0f8-a388-4ea3-8d9a-89777c69f515@betaapp.fastmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40373
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

I share a lot of Ted's concerns and am opposed to adoption for roughly similar reasons.  I definitely agree regarding optics.

I have spent some time discussing the very narrow use case that Tommy and David have in mind here.  In the very specific domain they are thinking of, there might be something very narrow that could work with something approximating acceptable privacy.  However - and this is a big one - I don't see any way in which we could ensure that the mechanisms defined for that use case do not get reused outside of that domain.  The draft certainly doesn't attempt to address the abuse risk.

To my mind, having a solid strategy for managing that risk is a *prerequisite* for starting this work.  Ted suggests mapping out an architecture, which is one way to do that.  The other might be looking at what mechanisms (or otherwise) could be used to make usage meaningfully constrained.

Cheers,
Martin

On Mon, Sep 5, 2022, at 22:38, Ted Hardie wrote:
> Hi Mark, WG colleagues, and fans of Geographic Privacy, 
>
> On Mon, Sep 5, 2022 at 7:47 AM Mark Nottingham <mnot@mnot.net> wrote:
>> At IETF 114, we saw some interest in adding hints about the client's location to requests in certain circumstances, with the condition that it be done in a way that doesn't compromise privacy. 
>> 
>> My sense (as Chair) is that further discussion might result in a solution that's broadly acceptable, or it might conclude that we can't publish anything. However, we need a focal point for that discussion. One potential starting point would be the draft presented:
>>   https://datatracker.ietf.org/doc/draft-pauly-httpbis-geoip-hint/
>> 
>> As always, if we adopt this draft it will be a starting point; it may change considerably, and consensus on any remaining content will need to be confirmed. I'll add one more proviso: if we can't come to consensus on a solution with appropriate properties (especially, privacy), we won't move the document forward. 
>> 
>> Please indicate whether you support adopting this draft. The Call for Adoption will end in two weeks.
>> 
>
> I do not support starting the discussion with this draft.  If the 
> working group would like to start a discussion on it, it should start 
> with BCP 160/RFC 6280 and work out what architecture it wants to build. 
>  The header format is a trivial piece to that puzzle and it can come 
> much, much later.  As many people who went through GeoPriv could tell 
> you:
>
> Information on location which is sent by a client can be combined with 
> other information in ways that many find startling and it is often 
> redistributed in ways that people find distressing.  Starting a new 
> "client sends geolocation info" project in a climate in which 
> geolocation data is currently being used to target soldiers, pregnant 
> women, and members of the LGBTQ community has to start from the 
> recognition that turning this off and being sure it is off is job one.  
> I see no evidence of that awareness in this draft, despite my utter 
> faith in Tommy and David's goodwill here.  Despite that faith, the 
> optics are _terrible_ , and adopting it without some attention to this 
> is unconscionable.   If you think that the use of a specific VPN and a 
> provided GeoLocation of Alabaster, AL by the client doesn't cause 
> privacy concerns, I have a statue of Vulcan, currently located in 
> Birminghan, AL, that I'd like to sell; it's quite handsome, and  think 
> you'll find it's good value for the money.
>
> Once you get such an architecture, you need to recognize that 
> information provided by clients is often not trusted, and the use of 
> trusted location providers to associate location with a client is thus 
> common in some contexts.  You need to decide very early on whether this 
> architecture will ever allow third parties to provide the location and, 
> if so, how (e.g. by providing a signed object that the client can 
> include).  Otherwise I can claim to be in Alabaster to get around the 
> GDPR restrictions that US companies have placed on their data.  (While 
> I see that the draft's security considerations  touch on this, I have 
> absolutely no faith at all in the "use this, but not for access control 
> decisions" language being honored in the breach.) 
>
> Lastly, I will point out that this relies on a document that went 
> through the independent stream and requires adherence to its feed 
> format and references those feeds within this format.  Some thought as 
> to why it had to go to the independent stream might be worth the 
> attention of the authors.
>
> In short, I oppose this, and I think the working group should simply 
> avoid work in this area completely; it is fraught with pitfalls.  If 
> you must do work in the area, start from the right place, which is a 
> privacy-preserving architecture.  Get to the header format at the *end* 
> of that process.
>
> best regards,
>
> Ted Hardie
>
>
>
>
>
>
> 
>> Cheers,
>> 
>> 
>> --
>> Mark Nottingham   https://www.mnot.net/
>> 
>>

v2.23.0 | Report a Bug | By Email