- From: David Schinazi <dschinazi.ietf@gmail.com>
- Date: Wed, 30 Oct 2024 16:30:01 -0700
- To: Ted Hardie <ted.ietf@gmail.com>
- Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Watson Ladd <watsonbladd@gmail.com>, Dustin Mitchell <djmitche@google.com>, Ben Schwartz <bemasc@meta.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
- Message-ID: <CAPDSy+7ExVov37A9T-tkyxzoUGi1br=3akOxry+7oJGWOS6OFg@mail.gmail.com>
Thanks Ted and Stephen. This conversation has helped me think through the various implications of all the moving pieces. I agree that it would be helpful to take a few steps back and focus on the goals and requirements before diving into solutions. When we present this topic at the second HTTPBIS session in Dublin (Thursday Session IV), we'll make sure to focus on the problem statement and goals / requirements for a solution without diving into the potential solution that is in the draft. David On Wed, Oct 30, 2024 at 8:44 AM Ted Hardie <ted.ietf@gmail.com> wrote: > Hi David, > > On Tue, Oct 29, 2024 at 10:04 PM David Schinazi <dschinazi.ietf@gmail.com> > wrote: > >> you're asking us for a full analysis of the cause and impact of global >> warming before we can start designing an umbrella >> > > This thread has turned up a number of requirements for your specific > deployment that were not described in the document, like lowering the > number of IP addresses in the pools to save money. It has also shown > considerable flexibility in what the folks involved consider appropriate > geo-ip location data, with some indication that it would get more granular > and some indications that it would get less granular. There's even been > some implications that there would be two or more levels of granularity and > some sort of user-driven choice. When a document is not clear on this kind > of thing, you should expect searching questions. > > Moreover, it appears to me that all of the arguments you are making are > tied to specific deployment plans in which some of the bits are, in fact, > not yet deployed. That makes this even more difficult to analyze, because > the final deployments may differ significantly. > > At the base, though, I am asking for more analysis because I think the > design you have put forward is very likely to be abused *in other > deployments*. The restrictions on where to get the data have the usual > protocol police problem, and there is a very real risk that the requests > for this will impact the location privacy desired by users and delivered by > other sorts of VPNs. If the VPN is configured at the OS level, the > browser or app may not realize that geo-ip data should not be shared. > > And there is a very real risk of malfeasance here. We all know that apps > and some websites used WebRTC features to get geolocation data that they > would not otherwise have had. If there are location knobs to be twisted > here, we can and should expect them to be twisted as hard as possible as > folks try to get data that the users don't want to share. > > I have suggested that we go back to considering the requirements because I > hope that there may be designs that deliver what you need without the risks > of the current design. > > regards, > > Ted Hardie > >
Received on Wednesday, 30 October 2024 23:30:18 UTC