- From: Ben Schwartz <bemasc@meta.com>
- Date: Tue, 22 Oct 2024 14:26:41 +0000
- To: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <SA1PR15MB43709DBA4D4E98D8D9CC2D81B34C2@SA1PR15MB4370.namprd15.prod.outlook.com>
I understand this draft as a way to override the server's geo-IP database for cases where it is giving "wrong" answers. However, the draft also says:
> The client MUST determine geolocation using a cooperating server that looks up the client's IP address in a geo-IP database. ... the IP address used to generate this geolocation hint MUST be ... the "egress IP address"
So to be precise, this draft is about allowing the client to select a "better" geo-IP database. In practice, "better" means "affiliated with my current proxy (VPN) operator". However, in current browsers and operating systems, a proxy operator has no way to inform the operating system of an affiliated geo-IP database server. If the operating system or browser vendor chooses the geo-IP database server, then only vendor-affiliated proxies will benefit from improved answers under this system.
If implemented today, this proposal would privilege vendor-provided proxies over third-party proxies. This seems undesirable to me.
This problem could be resolved by showing that these platforms will offer open (but proprietary) APIs to configure a geo-IP lookup server, by changing the geolocation rule from provenance to granularity (so that the platform can derive it from GPS), or by linking this proposal to a standard for network-based location that a proxy could override (e.g. DHCP GEOCONF_CIVIC, RFC 4776).
--Ben
________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: Friday, October 18, 2024 11:38 PM
To: i-d-announce@ietf.org <i-d-announce@ietf.org>
Cc: ietf-http-wg@w3.org <ietf-http-wg@w3.org>
Subject: I-D Action: draft-pauly-httpbis-geoip-hint-01.txt
Internet-Draft draft-pauly-httpbis-geoip-hint-01.txt is now available. It is a
work item of the HTTP (HTTPBIS) WG of the IETF.
Title: The IP Geolocation HTTP Client Hint
Authors: Tommy Pauly
David Schinazi
Ciara McMullin
Dustin Mitchell
Name: draft-pauly-httpbis-geoip-hint-01.txt
Pages: 7
Dates: 2024-10-18
Abstract:
Techniques that improve user privacy by hiding original client IP
addresses, such as VPNs and proxies, have faced challenges with
server that rely on IP addresses to determine client location.
Maintaining a geographically relevant user experience requires large
pools of IP addresses, which can be costly. Additionally, users
often receive inaccurate geolocation results because servers rely on
geo-IP feeds that can be outdated. To address these challenges, we
can allow clients to actively send their network geolocation directly
to the origin server via an HTTP Client Hint. This approach will not
only enhance geolocation accuracy and reduce IP costs, but it also
gives clients more transparency regarding their perceived
geolocation.
The IETF datatracker status page for this Internet-Draft is:
https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-pauly-httpbis-geoip-hint/__;!!Bt8RZUm9aw!6mICNhw7bj76_cBbl-3D72eXYBcZxFGvFOI54tNs5lTdKMqdRbZpFhfeP8IJ_d5AZgN56hbXoGe7HJafNsNz1Q$
There is also an HTML version available at:
https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-pauly-httpbis-geoip-hint-01.html__;!!Bt8RZUm9aw!6mICNhw7bj76_cBbl-3D72eXYBcZxFGvFOI54tNs5lTdKMqdRbZpFhfeP8IJ_d5AZgN56hbXoGe7HJauIOfmgA$
A diff from the previous version is available at:
https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2=draft-pauly-httpbis-geoip-hint-01__;!!Bt8RZUm9aw!6mICNhw7bj76_cBbl-3D72eXYBcZxFGvFOI54tNs5lTdKMqdRbZpFhfeP8IJ_d5AZgN56hbXoGe7HJZikroa3Q$
Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
Received on Tuesday, 22 October 2024 14:26:53 UTC