Adding GPS location to IPv6 header

Dears, I've proposed a new IPv6 "extension header", it's now posted on IETF
website, your ideas and comments are most welcome!


Ammar Salih

Don't conflate layer 5-7 needs with basic communication requirements. IP is
not the place for this sort of header.

This is not data that should be sent on every packet. It becomes redundant.
Not to mention the serious privacy concerns such a header brings up in the
protocol. You barely address this in your RFC. You write it away with a
wishy-washy "Oh err um, users will have the option to turn it off". That's
worked so well for opt-out advertising -- I'm sure it will work here.

If there's a place where I can go and vote this down / debate it away, tell
me where that is.


It seems to me that there's a big problem with using this for rights

If the header is added by the user's device, then on certain operating
systems it will be trivial for the user to set this to whatever they want
it to be - which would defeat the purpose.
If the header is added by devices out of the user's control so that the
user cannot spoof their location (e.g. ISP routers) then for one thing they
do not know the user's exact location, and for another there needs to be an
additional mechanism for the user to switch the option off.

The suggestion of using this to automatically get web pages in the right
language also does not seem practical.
My devices know that my preferred language is English. If I take one of
those devices to China, I still want to see web pages in English.
Additionally there is already an HTTP header to express your preferred


Not needed.
It already has been completely shredded at the relevant IETF mailing lists, geopriv and ipv6 (6man WG).
I have no idea why Ammar isn't listening to the great free advice he got there.

Grüße, Carsten

Im just going to come out and say this. This is a gigantic invasion of privacy and a really bad idea.

In a number of jurisdictions and particularly in the EU, IP addresses
themselves (any version) are considered Personally Identifiable
Information (PII) and are expected/required to be protected as such.
This implies that Firewall and Intrusion Detection logs must not be
conveyed across country borders, e.g. from Germany.

Any attempt to introduce another flavour of PII into a transport
mechanism (as distinct from an intended payload) is likely only to meet
significant (and warranted) resistance at every level, carrier and
legislative overseer alike,


I see major privacy issues with this. Why introduce more intelligence
which WILL eventually be used for more intrusion into the private lives of
all of us? I don't particularly care for "smart" ads and three like..

IP is the logical place for this kind of header, as this information
is node dependent, not application dependent.

It would be useful for identifying the location of a server, when an
IP address does not.
For example, in the case of an anycasted service, the source IP
address does not uniquely identify where the source came from.

The requirement that the embedded location data, be GPS data,
however: would seem to be overly restrictive; a simple 8-bit
"Site number" identifier could be all the location data needed for
diagnostic purposes.

"Privacy issues" are policy considerations, that have no place in
the determination of protocol header formats; providers of a service
will generate location header extensions, if they are useful to them,
if they are not, then they would choose to not support the extension.

If a provider wants to attempt to implement rights management using
header fields, then more power to them.... I never heard of a
digital rights management provider implementing an open
standards-based approach, and it would be a positive development if
they did, but more likely than not, they will ignore header extension
options, and implement rights management identification inside
proprietary application layer payloads that contain the actual
protected content,

instead of IP packet headers, which are easily stripped off, and
replaced with new IP headers containing the same packet data payload.

actually no. The EU Article 29 Data Protection Working Party issued a
controversial opinion a couple of years ago that IP address data in
combination with an accurate timestamp constituted PII, but that IP
addresses on their own did not. This opinion has been roundly rejected by
several EU courts; for example see paragraph 12 of emi vs eircom in the
irish high court (


This is the first reasonable, rational, and well-defined argument for not
making the transition to IPv6.

As to someone's question about "Are you a terrorist?" If there is such a
construct as a transitive noun, then this might qualify. People rarely
describe themselves as terrorists, typically non-disinterested third-parties
describe them as such.


From: Ammar Salih []
Sent: Thursday, November 22, 2012 7:00 AM
Subject: Adding GPS location to IPv6 header

Dears, I've proposed a new IPv6 "extension header", it's now posted on


website, your ideas and comments are most welcome!