- From: Tommy Pauly <tpauly@apple.com>
- Date: Wed, 06 Jul 2022 16:15:56 -0700
- To: HTTP Working Group <ietf-http-wg@w3.org>
- Message-id: <B9DB502E-B907-4B64-A639-24E5A1CCD526@apple.com>
Hello HTTP WG, At our February interim <https://httpwg.org/wg-materials/interim-22-02/agenda.html>, I shared a proposal to share a geolocation hint in HTTP headers as a geohash. During the meeting, we got a lot of useful feedback for how this could be misused and abused. The motivating use case was more about ensuring that a server understands the “correct” geo-location mapping for an IP address that it already is seeing, as opposed to trying to reveal new information about location. This is specifically useful when going through a VPN / privacy proxy service where the client is aware of its IP selection. Specifically, this works around cases where geo-IP databases are out of date, or have the incorrect granularity (for example, some intermediate databases try to place every IP in a city, so they’ll incorrectly map country-wide IPs to a city in the center of the country). As such, we’ve revised the proposal to instead provide a header that contains the geo IP database entry that corresponds to the client’s IP, along information in the parameters that points to the authoritative database. https://www.ietf.org/archive/id/draft-pauly-httpbis-geoip-hint-00.html <https://www.ietf.org/archive/id/draft-pauly-httpbis-geoip-hint-00.html> Happy to hear thoughts on this direction, and have further discussion at IETF 114. Best, Tommy & David
Received on Wednesday, 6 July 2022 23:16:10 UTC