This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/18419] New: add an option to resolv.conf to set all-zeros edns-client-subnet option
- From: "dkg at fifthhorseman dot net" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 15 May 2015 20:54:46 +0000
- Subject: [Bug libc/18419] New: add an option to resolv.conf to set all-zeros edns-client-subnet option
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=18419
Bug ID: 18419
Summary: add an option to resolv.conf to set all-zeros edns-client-subnet option
Product: glibc
Version: unspecified
Status: NEW
Severity: enhancement
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: dkg at fifthhorseman dot net
CC: drepper.fsp at gmail dot com
Target Milestone: ---
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-00 is a
mechanism to allow recursive resolvers to pass along parts of the end client's
IP address to the authoritative server.
This is a potential privacy risk, as outlined in section 10.1 of that document:
https://tools.ietf.org/html/draft-ietf-dnsop-edns-client-subnet-00#section-10.1
but users can opt out, which should cause compliant recursive resolvers to not
leak any part of their address:
    Users who wish their full IP address to be hidden can include an
    edns-client-subnet option specifying the wildcard address 0.0.0.0/0
    (i.e. FAMILY set to 1 (IPv4), SOURCE NETMASK to 0 and no ADDRESS).
    As described in previous sections, this option will be forwarded
    across all the Recursive Resolvers supporting edns-client-subnet,
    which MUST NOT modify it to include the network address of the
    client.
The libc resolver mechanism should provide an option so that users who wish to
signal this wish to opt out can do so. I think this option probably needs to
imply the existing "edns0" option, as specified in resolv.conf(5).
If this is the wrong place to request this feature enhancement, please let me
know where it would be better served.
Thanks for all the work on libc!
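The wire form of the opt-out quoted in the report above, as an added example that is not part of the original bug report and is not glibc code: it appends an EDNS0 OPT record carrying the all-zeros edns-client-subnet option to a query, and scans OPT RDATA for it. The function names and the sample query are constructed for illustration; option code 8 is the IANA-assigned value used in RFC 7871, the published form of the draft.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ECS_OPTION_CODE 8   /* edns-client-subnet option code (RFC 7871) */
#define DNS_TYPE_OPT    41  /* EDNS0 OPT pseudo-RR */

/* Opt-out option: code, length 4, FAMILY=1 (IPv4), SOURCE NETMASK=0,
   SCOPE NETMASK=0, no ADDRESS bytes. */
static const uint8_t ECS_OPTOUT[8] = {0, ECS_OPTION_CODE, 0, 4, 0, 1, 0, 0};

/* Append an OPT RR holding only the opt-out option to a query that already
   contains header + question. Returns the new length, or 0 on error. */
size_t append_optout_opt(uint8_t *msg, size_t len, size_t cap, uint16_t udp_size)
{
    if (len < 12 || cap < len + 11 + sizeof ECS_OPTOUT) return 0;
    uint8_t *p = msg + len;
    *p++ = 0;                                        /* owner name: root */
    *p++ = 0; *p++ = DNS_TYPE_OPT;                   /* TYPE */
    *p++ = (uint8_t)(udp_size >> 8); *p++ = (uint8_t)udp_size; /* CLASS */
    memset(p, 0, 4); p += 4;                         /* TTL: ext-rcode, version, flags */
    *p++ = 0; *p++ = (uint8_t)sizeof ECS_OPTOUT;     /* RDLENGTH */
    memcpy(p, ECS_OPTOUT, sizeof ECS_OPTOUT); p += sizeof ECS_OPTOUT;
    unsigned ar = (((unsigned)msg[10] << 8) | msg[11]) + 1;   /* bump ARCOUNT */
    msg[10] = (uint8_t)(ar >> 8); msg[11] = (uint8_t)ar;
    return (size_t)(p - msg);
}

/* Scan OPT RDATA: 1 = opt-out present, 0 = no ECS option,
   -1 = ECS option that carries a prefix, or malformed RDATA. */
int ecs_is_optout(const uint8_t *rd, size_t rdlen)
{
    size_t i = 0;
    while (i + 4 <= rdlen) {
        unsigned code = ((unsigned)rd[i] << 8) | rd[i + 1];
        size_t olen = ((size_t)rd[i + 2] << 8) | rd[i + 3];
        i += 4;
        if (olen > rdlen - i) return -1;             /* option overruns RDATA */
        if (code == ECS_OPTION_CODE)                 /* rd[i+2] is SOURCE NETMASK */
            return (olen == 4 && rd[i + 2] == 0) ? 1 : -1;
        i += olen;
    }
    return i == rdlen ? 0 : -1;
}

int main(void)
{   /* constructed query: id 0x1234, RD set, one question "example.com A IN" */
    uint8_t q[64] = {0x12,0x34,1,0,0,1,0,0,0,0,0,0,
                     7,'e','x','a','m','p','l','e',3,'c','o','m',0,0,1,0,1};
    size_t n = append_optout_opt(q, 29, sizeof q, 1200);
    printf("%zu bytes, opt-out=%d\n", n, ecs_is_optout(q + 40, 8));
}
```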