IETF Logo Mail Archive

Re: Call for Adoption: draft-pauly-httpbis-geoip-hint

Ted Hardie <ted.ietf@gmail.com> Mon, 05 September 2022 12:41 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 99E80C15257C for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 5 Sep 2022 05:41:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.757
X-Spam-Level:
X-Spam-Status: No, score=-2.757 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gkNzDI2sRSjv for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 5 Sep 2022 05:41:53 -0700 (PDT)
Received: from lyra.w3.org (lyra.w3.org [128.30.52.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 840C6C14F743 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 5 Sep 2022 05:41:53 -0700 (PDT)
Received: from lists by lyra.w3.org with local (Exim 4.94.2) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1oVBNW-00CWcm-MY for ietf-http-wg-dist@listhub.w3.org; Mon, 05 Sep 2022 12:39:02 +0000
Resent-Date: Mon, 05 Sep 2022 12:39:02 +0000
Resent-Message-Id: <E1oVBNW-00CWcm-MY@lyra.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by lyra.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from <ted.ietf@gmail.com>) id 1oVBNV-00CWau-BY for ietf-http-wg@listhub.w3.org; Mon, 05 Sep 2022 12:39:01 +0000
Received: from mail-io1-xd2b.google.com ([2607:f8b0:4864:20::d2b]) by titan.w3.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from <ted.ietf@gmail.com>) id 1oVBNT-00Ayco-NV for ietf-http-wg@w3.org; Mon, 05 Sep 2022 12:39:01 +0000
Received: by mail-io1-xd2b.google.com with SMTP id b142so6722702iof.10 for <ietf-http-wg@w3.org>; Mon, 05 Sep 2022 05:38:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=QThwc5HreaSRVYzAP2brWbTdE/U1ycRxm/vtpoAeThc=; b=gRq99HOzwmUvWzflyIKmEqh8exvDL0ImggbkIluoaNCf8pHL+ukmJluijIQJB0NK9z I73U0RJqpgoVoFC0dBenadywCY3t8p4aJO+GWp7GSKNFUlI4kZHbQPDJ+cQ00TbeKXxB k++35YzcIY2p2xJlmkOXUGURLDWd5KuFib/5QZkM+M8C4xZpxTZ4t8v+ELjRBo+bQYKe kjTeLoxtfMMZi5cCZxzy1sers5bAGWuqqEwLFrO/ghHBAJ1y5zBE4nz3GrIYMPp1X9qo cQKyy+0Pxwa1TlXC1PWi+2T3f3pnpbeN4gZaGs0FCBYucojmlo2YkP7III5LOsY384tw bvVg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=QThwc5HreaSRVYzAP2brWbTdE/U1ycRxm/vtpoAeThc=; b=xKXarI0SFh04D0ZySdvoURIs9NFJsjbR+kls7r6XlfI8TG4KucGoWSwAQzHdIdcDG7 CUZXaZg5FSRhBSTJRWKXrqHEuYxvMOnKUx56A/NrOtJHI3GHA/kq/ZkyZUm/hurYxAWW cTPeSwMMdkL4mnOYiNzgVAEhVXNgcl1i2LEGs3JItzKoLCBC31NHuhRijRLKKxGAaLbH 6cL5KrMYsgYpy15LlbT1+eaxZ6VNnaLAkv7ZlC8kIzGsaOgNo5NxsE4H6SKG5fGOXoqz 8JmQab3soeBPn+Fm1zF68D5NbMoPkVudzVqiDS9F/WJ8IoJdJx9HRMvkXgPSyhass02z tviw==
X-Gm-Message-State: ACgBeo35UvNW+9CdFhNoJ/SEJUYkSisDFLrK1zpyBi7bxb794+6AgtX0 OWcxTrx1ZeRypSjofm1sdr90tgnz6c61+zAAYEg4fbUSrtE=
X-Google-Smtp-Source: AA6agR7/jFJSLhdKN3uEPS40hbCioE0eh0HsKcvK4O8n/tG98Zw0xRitBDGrbVKQBhU5Rq+vC13lrMfdKtiPU+pW+JQ=
X-Received: by 2002:a05:6638:dc2:b0:351:f7a4:c3ea with SMTP id m2-20020a0566380dc200b00351f7a4c3eamr3496109jaj.4.1662381528600; Mon, 05 Sep 2022 05:38:48 -0700 (PDT)
MIME-Version: 1.0
References: <694DD6A2-5191-488C-8A93-FE670992204D@mnot.net>
In-Reply-To: <694DD6A2-5191-488C-8A93-FE670992204D@mnot.net>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Mon, 05 Sep 2022 13:38:22 +0100
Message-ID: <CA+9kkMBbzXUDTmXnp7KRXdKUTdHn5HjjDLBjwkwHYT3-yiKheg@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="0000000000007e53ff05e7ed5cb2"
Received-SPF: pass client-ip=2607:f8b0:4864:20::d2b; envelope-from=ted.ietf@gmail.com; helo=mail-io1-xd2b.google.com
X-W3C-Hub-DKIM-Status: validation passed: (address=ted.ietf@gmail.com domain=gmail.com), signature is good
X-W3C-Hub-Spam-Status: No, score=-6.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1oVBNT-00Ayco-NV 4cebca002a5b3124814d22be5516faab
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Call for Adoption: draft-pauly-httpbis-geoip-hint
Archived-At: <https://www.w3.org/mid/CA+9kkMBbzXUDTmXnp7KRXdKUTdHn5HjjDLBjwkwHYT3-yiKheg@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/40368
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hi Mark, WG colleagues, and fans of Geographic Privacy,

On Mon, Sep 5, 2022 at 7:47 AM Mark Nottingham <mnot@mnot.net> wrote:

> At IETF 114, we saw some interest in adding hints about the client's
> location to requests in certain circumstances, with the condition that it
> be done in a way that doesn't compromise privacy.
>
> My sense (as Chair) is that further discussion might result in a solution
> that's broadly acceptable, or it might conclude that we can't publish
> anything. However, we need a focal point for that discussion. One potential
> starting point would be the draft presented:
>   https://datatracker.ietf.org/doc/draft-pauly-httpbis-geoip-hint/
>
> As always, if we adopt this draft it will be a starting point; it may
> change considerably, and consensus on any remaining content will need to be
> confirmed. I'll add one more proviso: if we can't come to consensus on a
> solution with appropriate properties (especially, privacy), we won't move
> the document forward.
>
> Please indicate whether you support adopting this draft. The Call for
> Adoption will end in two weeks.
>
>
I do not support starting the discussion with this draft.  If the working
group would like to start a discussion on it, it should start with BCP
160/RFC 6280 and work out what architecture it wants to build.  The header
format is a trivial piece to that puzzle and it can come much, much later.
As many people who went through GeoPriv could tell you:

Information on location which is sent by a client can be combined with
other information in ways that many find startling and it is often
redistributed in ways that people find distressing.  Starting a new "client
sends geolocation info" project in a climate in which geolocation data is
currently being used to target soldiers, pregnant women, and members of the
LGBTQ community has to start from the recognition that turning this off and
being sure it is off is job one.  I see no evidence of that awareness in
this draft, despite my utter faith in Tommy and David's goodwill here.
Despite that faith, the optics are _terrible_ , and adopting it without
some attention to this is unconscionable.   If you think that the use of a
specific VPN and a provided GeoLocation of Alabaster, AL by the client
doesn't cause privacy concerns, I have a statue of Vulcan, currently
located in Birminghan, AL, that I'd like to sell; it's quite handsome, and
think you'll find it's good value for the money.

Once you get such an architecture, you need to recognize that information
provided by clients is often not trusted, and the use of trusted location
providers to associate location with a client is thus common in some
contexts.  You need to decide very early on whether this architecture will
ever allow third parties to provide the location and, if so, how (e.g. by
providing a signed object that the client can include).  Otherwise I can
claim to be in Alabaster to get around the GDPR restrictions that US
companies have placed on their data.  (While I see that the draft's
security considerations  touch on this, I have absolutely no faith at all
in the "use this, but not for access control decisions" language being
honored in the breach.)

Lastly, I will point out that this relies on a document that went through
the independent stream and requires adherence to its feed format and
references those feeds within this format.  Some thought as to why it had
to go to the independent stream might be worth the attention of the authors.

In short, I oppose this, and I think the working group should simply avoid
work in this area completely; it is fraught with pitfalls.  If you must do
work in the area, start from the right place, which is a privacy-preserving
architecture.  Get to the header format at the *end* of that process.

best regards,

Ted Hardie








> Cheers,
>
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>
>

v2.23.0 | Report a Bug | By Email