On Jan 18, 2010, at 8:38 PM, Steven Bellovin wrote:
On Jan 18, 2010, at 8:22 PM, Warren Kumari wrote:
Something that I have often wondered is how folks would feel about publishing some sort of geo information in reverse DNS (something like LOC records, with whatever precision you like) -- this would allow the folks that geo stuff to automagically provide the best answer, and because you control the record, you can specify whatever resolution / precision you like. Based upon the sorry state of existing reverse, I'm suspecting that there is no point....
I don't think that that works. Apart from the problem that you allude to -- people not bothering to set it up in the first place -- IP geolocation is often used for certain forms of access control and policy enforcement. For example: "Regular Season Local Live Blackout: All live, regular season games available via MLB.TV, MLB.com At Bat 2009 and certain other MLB.com subscription services are subject to local blackouts. Such live games will be blacked out in each applicable Club's home television territory, regardless of whether that Club is playing at home or away." (http://www.mlb.com/mediacenter/). EBay has apparently used IP geolocation (poorly) to control access to certain auctions for items that are illegal in certain jurisdictions or that cannot be exported.
Ah, yes, sorry, I guess I didn't fully explain this... This wouldn't (well, shouldn't) be used as an authoritative source -- it would simply be yet another signal that could be used, and would provide (if the ISP so chose) higher resolution. If you think that the IP is in Uzbekistan and traceroutes, whois and RTT all seem to agree with that, but the published LOC type record claims that it is just down the road from you in NJ then, well, you would be silly to believe it.

Folks who are currently using geolocation for policy (like MLB.com) must[0] realize that this is a fundamentally flawed approach and is only effective against a non-determined audience, mustn't they? TOR / proxies / etc will all happily get around this blocking and seem much easier for the average user than poking at DNS.

W

[0]: Ok, they probably don't, but....
--Steve Bellovin, http://www.cs.columbia.edu/~smb
-- She'd even given herself a middle initial - X - which stood for "someone who has a cool and exciting middle name". -- (Terry Pratchett, Maskerade)
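
The cross-check described in the reply above, as an added example that is not part of the original thread: a self-published LOC record (RFC 1876 text form) is weighed against a measured RTT and an estimate from other signals. The function names, the 200 km/ms fibre figure, the 500 km tolerance and all coordinates are assumptions constructed for illustration.

```python
import math

FIBER_KM_PER_MS = 200.0   # assumption: light in fibre covers roughly 200 km per ms
EARTH_RADIUS_KM = 6371.0

def parse_loc(rdata):
    """Parse RFC 1876 LOC presentation text into (lat, lon) decimal degrees."""
    tokens, coords = rdata.split(), []
    for hemispheres, limit in (("N", "S"), 90.0), (("E", "W"), 180.0):
        parts = []
        while tokens and tokens[0] not in hemispheres:
            parts.append(float(tokens.pop(0)))   # non-numeric junk raises ValueError
        if not tokens or not 1 <= len(parts) <= 3:
            raise ValueError("malformed LOC rdata")
        deg, minutes, seconds = (parts + [0.0, 0.0])[:3]
        value = deg + minutes / 60 + seconds / 3600
        if min(parts) < 0 or not value <= limit:
            raise ValueError("coordinate out of range")
        coords.append(-value if tokens.pop(0) in ("S", "W") else value)
    return tuple(coords)   # altitude and precision fields are ignored here

def km_between(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def assess_loc(rdata, vantage, min_rtt_ms, other_estimate, tolerance_km=500.0):
    """Classify a LOC claim as 'impossible', 'conflicts' or 'consistent'."""
    claimed = parse_loc(rdata)
    # Hard bound: the host cannot be farther away than light travels in RTT/2.
    if km_between(vantage, claimed) > (min_rtt_ms / 2) * FIBER_KM_PER_MS:
        return "impossible"
    # Soft check: the operator-controlled claim disagrees with traceroute/whois.
    if km_between(other_estimate, claimed) > tolerance_km:
        return "conflicts"
    return "consistent"

# Constructed sample data: a vantage point in New Jersey, other signals near Tashkent.
VANTAGE_NJ = (40.7357, -74.1724)
OTHER_SIGNALS = (41.2995, 69.2401)
LOC_CLAIMS_NJ = "40 44 0.000 N 74 10 0.000 W 10m"
LOC_CLAIMS_UZ = "41 18 0.000 N 69 14 0.000 E 450m"

if __name__ == "__main__":
    print(assess_loc(LOC_CLAIMS_NJ, VANTAGE_NJ, 210.0, OTHER_SIGNALS))
    print(assess_loc(LOC_CLAIMS_UZ, VANTAGE_NJ, 5.0, OTHER_SIGNALS))
```

Only the "impossible" verdict is a hard refutation; a large RTT to a claimed nearby location is not physically ruled out, which is why the LOC claim is compared with the other signals rather than trusted or rejected on its own.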