From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: location@lists.ipfire.org Subject: Re: [PATCH 2/2] overrides: clarify file contents and policies Date: Sun, 08 Aug 2021 17:16:12 +0200 Message-ID: In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4364676792084964000==" List-Id: --===============4364676792084964000== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Michael, I really hate to say so, but it does on my machine. Since I spotted a couple of other networks in need of an override the other d= ay (and apparently flubbed up the AS names additions :-/ ), I will hand in a second patchset lat= er on. Sorry for the inconvenience. Thanks, and best regards, Peter M=C3=BCller > Hello, >=20 > This doesn=E2=80=99t seem to apply :( >=20 > -Michael >=20 >> On 6 Aug 2021, at 17:07, Peter M=C3=BCller wr= ote: >> >> This patch updates the disclaimer blocks at the beginning of the >> override-*.txt files, to be more accurate and helpful to people wishing >> to propose changes to them. >> >> In addition, a remark regarding the A[1-3] country codes has been added. >> >> Signed-off-by: Peter M=C3=BCller >> --- >> overrides/override-a1.txt | 26 ++++++++++++++++---------- >> overrides/override-a2.txt | 20 ++++++++++++++------ >> overrides/override-a3.txt | 20 +++++++++++++++----- >> overrides/override-other.txt | 26 ++++++++++++++++++-------- >> 4 files changed, 63 insertions(+), 29 deletions(-) >> >> diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt >> index 284c3e8..77d5b08 100644 >> --- a/overrides/override-a1.txt >> +++ b/overrides/override-a1.txt >> @@ -1,19 +1,25 @@ >> # >> # override-a1 [.txt] >> # >> -# This file contains Autonomous Systems (AS) or IP networks/adresses >> -# which are - in fact or with a high level of confidence - anonymous >> -# proxies (special country code: A1). >> +# This file contains Autonomous Systems and IP networks used - in fact or= with reasonable >> +# confidence - for publicly available services for forwarding traffic ano= nymously, such as >> +# VPN providers. >> # >> -# Since it does not make sense to assign them to a county, they >> -# will be flagged as "A1" in the database. >> +# While their country code set is preserved in libloc - unless utterly bo= gus -, it does not >> +# actually make sense to assign these to a distinct country. Therefore, t= hey will be flagged >> +# as "anonymous proxies" in libloc query results. >> # >> -# Although we do not consider them to be bad entirely, they might >> -# be unwanted in certain scenarios. >> +# For historical reasons, parts of IPFire's web interface use "A1" as a c= ountry code for them. >> +# This violates ISO 3166, and might be changed to a different country cod= e inside a reserved >> +# range in the future. >> # >> -# Please note only long-living Tor relay providers with static IPs >> -# are listed here, as the list of all Tor relays will be dynamically >> -# generated by another script. >> +# At the moment, major Tor exit relay providers are included here as well= . They will be dropped >> +# from this file in the future, as soon as bug #11754 has been solved and= a list of Tor exit >> +# relays is imported dynamically while compiling the database. >> +# >> +# Improvement suggestions are appreciated, please submit them as patches = to the location mailing >> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and h= ttps://wiki.ipfire.org/devel/contact >> +# for further information. >> # >> # Please keep this file sorted. >> # >> diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt >> index 502948f..223b4df 100644 >> --- a/overrides/override-a2.txt >> +++ b/overrides/override-a2.txt >> @@ -1,13 +1,21 @@ >> # >> # override-a2 [.txt] >> # >> -# This file contains Autonomous Systems (AS) or IP networks/addresses >> -# which are - in fact or with a high level of confidence - belonging >> -# to satellite network providers (special country code: A2). >> +# This file contains Autonomous Systems and IP networks used - in fact or= with reasonable >> +# confidence - for customers or dial-in pools of satellite-based internet= services. >> # >> -# Since a satellite uplink connection is possible from almost >> -# anywhere in the world, it does not make sense to assign them to a >> -# specific country. They will be flagged as "A2" in the database. >> +# While their country code set is preserved in libloc - unless utterly bo= gus -, it does not >> +# actually make sense to assign these to a distinct country, since a sate= llite connection is >> +# possible from virtually any place in the world. Therefore, they will be= flagged as "satellite >> +# providers" in libloc query results. >> +# >> +# For historical reasons, parts of IPFire's web interface use "A2" as a c= ountry code for them. >> +# This violates ISO 3166, and might be changed to a different country cod= e inside a reserved >> +# range in the future. >> +# >> +# Improvement suggestions are appreciated, please submit them as patches = to the location mailing >> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and h= ttps://wiki.ipfire.org/devel/contact >> +# for further information. >> # >> # Please keep this file sorted. >> # >> diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt >> index d810d93..b07d4b8 100644 >> --- a/overrides/override-a3.txt >> +++ b/overrides/override-a3.txt >> @@ -1,12 +1,22 @@ >> # >> # override-a3 [.txt] >> # >> -# This file contains Autonomous Systems (AS) or IP networks/addresses >> -# which are - in fact or with a high level of confidence - believed >> -# to be worldwide anycast instances (special country codes: A3). >> +# This file contains Autonomous Systems and IP networks used - in fact or= with reasonable >> +# confidence - for worldwide anycast services. >> # >> -# It does not make sense to assign them to a certain country, they >> -# will be flagged as "A3" in the database. >> +# While their country code set is preserved in libloc - unless utterly bo= gus -, it does not >> +# make sense to assign these to a distinct country. Therefore, they will = be flagged as "anycast" >> +# in libloc query results. >> +# >> +# For historical reasons, parts of IPFire's web interface use "A3" as a c= ountry code for them. >> +# This violates ISO 3166, and might be changed to a different country cod= e inside a reserved >> +# range in the future. >> +# >> +# Improvement suggestions are appreciated, please submit them as patches = to the location mailing >> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and h= ttps://wiki.ipfire.org/devel/contact >> +# for further information. >> +# >> +# Please keep this file sorted. >> # >> >> aut-num: AS69 >> diff --git a/overrides/override-other.txt b/overrides/override-other.txt >> index 045b515..d232fc6 100644 >> --- a/overrides/override-other.txt >> +++ b/overrides/override-other.txt >> @@ -1,14 +1,24 @@ >> # >> -# override-other [.txt] >> +# override-a3 [.txt] >> # >> -# This file contains Autonomous Systems (AS) or IP networks/addresses >> -# whose country information in corresponding RIR data is believed or prov= en >> -# to be invalid or inaccurate and which do not match to one of the specia= l categories >> -# A[1-3]. >> +# This file contains Autonomous Systems and IP networks whose RIR data ar= e believed to be inaccurate, >> +# incomplete, or bogus on purpose and by chance. A small subset of its en= tries applies to AS descriptions, >> +# while the majority covers country code assignments. >> # >> -# Such networks might be legitimate (poorly maintained WHOIS data), shady >> -# (networks owned by letterbox companies in offshore jurisdictions) or >> -# hostile (faked RIR data in order to bypass location-based filtering). >> +# The latter are crucial due to location-based firewalling or routing. In= accurate country code assignments >> +# therefore pose a security threat to these users, especially if being se= t intentionally to circumvent such >> +# filters. >> +# >> +# The term "Location" may refer to the actual, physical location of a net= work (usually hard to enumerate >> +# beyond a country-level), or its jurisdiction. To the best of our knowle= dge, the contents of "country"-fields >> +# in RIR databases were never clarified in this conext. >> +# >> +# When in doubt, the physical location of a network will be used below, e= specially if the jurisdiction of a >> +# network appears to be not helpful at all, such as offshore letterbox co= mpanies on the other end of the world. >> +# >> +# Improvement suggestions are appreciated, please submit them as patches = to the location mailing >> +# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and h= ttps://wiki.ipfire.org/devel/contact >> +# for further information. >> # >> # Please keep this file sorted. >> # >> --=20 >> 2.26.2 >=20 --===============4364676792084964000==--