Adding GPS location to IPv6 header

Ammar_Salih1 · November 22, 2012, 11:59am

Dears, I've proposed a new IPv6 "extension header", it's now posted on IETF
website, your ideas and comments are most welcome!

http://datatracker.ietf.org/doc/draft-add-location-to-ipv6-header/?include_t
ext=1

Thanks!

Ammar Salih

John_Adams · November 24, 2012, 9:18pm

Don't conflate layer 5-7 needs with basic communication requirements. IP is
not the place for this sort of header.

This is not data that should be sent on every packet. It becomes redundant.
Not to mention the serious privacy concerns such a header brings up in the
protocol. You barely address this in your RFC. You write it away with a
wishy-washy "Oh err um, users will have the option to turn it off". That's
worked so well for opt-out advertising -- I'm sure it will work here.

If there's a place where I can go and vote this down / debate it away, tell
me where that is.

-j

Daniel_Ankers · November 24, 2012, 9:46pm

It seems to me that there's a big problem with using this for rights
enforcement.

If the header is added by the user's device, then on certain operating
systems it will be trivial for the user to set this to whatever they want
it to be - which would defeat the purpose.
If the header is added by devices out of the user's control so that the
user cannot spoof their location (e.g. ISP routers) then for one thing they
do not know the user's exact location, and for another there needs to be an
additional mechanism for the user to switch the option off.

The suggestion of using this to automatically get web pages in the right
language also does not seem practical.
My devices know that my preferred language is English. If I take one of
those devices to China, I still want to see web pages in English.
Additionally there is already an HTTP header to express your preferred
language.

Regards,
Dan

Carsten_Bormann · November 24, 2012, 9:53pm

Not needed.
It already has been completely shredded at the relevant IETF mailing lists, geopriv and ipv6 (6man WG).
I have no idea why Ammar isn't listening to the great free advice he got there.

Grüße, Carsten

Tammy_A_Wisdom · November 25, 2012, 1:46am

Im just going to come out and say this. This is a gigantic invasion of privacy and a really bad idea.

imbutler · November 25, 2012, 2:02am

In a number of jurisdictions and particularly in the EU, IP addresses
themselves (any version) are considered Personally Identifiable
Information (PII) and are expected/required to be protected as such.
This implies that Firewall and Intrusion Detection logs must not be
conveyed across country borders, e.g. from Germany.

Any attempt to introduce another flavour of PII into a transport
mechanism (as distinct from an intended payload) is likely only to meet
significant (and warranted) resistance at every level, carrier and
legislative overseer alike,

imb

Kenneth_McRae · November 25, 2012, 4:04am

I see major privacy issues with this. Why introduce more intelligence
which WILL eventually be used for more intrusion into the private lives of
all of us? I don't particularly care for "smart" ads and three like..

James_Hess · November 25, 2012, 6:28am

IP is the logical place for this kind of header, as this information
is node dependent, not application dependent.

It would be useful for identifying the location of a server, when an
IP address does not.
For example, in the case of an anycasted service, the source IP
address does not uniquely identify where the source came from.

The requirement that the embedded location data, be GPS data,
however: would seem to be overly restrictive; a simple 8-bit
"Site number" identifier could be all the location data needed for
diagnostic purposes.

"Privacy issues" are policy considerations, that have no place in
the determination of protocol header formats; providers of a service
will generate location header extensions, if they are useful to them,
if they are not, then they would choose to not support the extension.

If a provider wants to attempt to implement rights management using
header fields, then more power to them.... I never heard of a
digital rights management provider implementing an open
standards-based approach, and it would be a positive development if
they did, but more likely than not, they will ignore header extension
options, and implement rights management identification inside
proprietary application layer payloads that contain the actual
protected content,

instead of IP packet headers, which are easily stripped off, and
replaced with new IP headers containing the same packet data payload.

Nick_Hilliard3 · November 25, 2012, 1:56pm

actually no. The EU Article 29 Data Protection Working Party issued a
controversial opinion a couple of years ago that IP address data in
combination with an accurate timestamp constituted PII, but that IP
addresses on their own did not. This opinion has been roundly rejected by
several EU courts; for example see paragraph 12 of emi vs eircom in the
irish high court (http://goo.gl/96xUY).

Nick

Dave_Edelman · November 26, 2012, 4:32am

This is the first reasonable, rational, and well-defined argument for not
making the transition to IPv6.

As to someone's question about "Are you a terrorist?" If there is such a
construct as a transitive noun, then this might qualify. People rarely
describe themselves as terrorists, typically non-disinterested third-parties
describe them as such.

--Dave

From: Ammar Salih [mailto:ammar.salih@auis.edu.iq]
Sent: Thursday, November 22, 2012 7:00 AM
To: nanog@nanog.org
Subject: Adding GPS location to IPv6 header

Dears, I've proposed a new IPv6 "extension header", it's now posted on

IETF

website, your ideas and comments are most welcome!