From patchwork Sun Aug  8 16:37:56 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 4622
Return-Path: <location-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4GjPyv5sxJz3xGs
	for <patchwork@web04.haj.ipfire.org>; Sun,  8 Aug 2021 16:37:59 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4GjPyv310lzQ0;
	Sun,  8 Aug 2021 16:37:59 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4GjPyv2CfGz2xgw;
	Sun,  8 Aug 2021 16:37:59 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4GjPyt37pJz2xTN
 for <location@lists.ipfire.org>; Sun,  8 Aug 2021 16:37:58 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384))
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4GjPys1cRWzQ0
 for <location@lists.ipfire.org>; Sun,  8 Aug 2021 16:37:57 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1628440677;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=iACexu1CHcOhhgBqtRhIWjm9xXhI5sUSF8i5X7/KjCo=;
 b=A3IDwNFWLh/FBKtTuH+7e1Br2btuJ3nFgI3U8HLKkKGXE92NeSeMr8I8eGZejJrNHo2mnF
 Nq+BnKLqwMzhf2Dg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1628440677;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=iACexu1CHcOhhgBqtRhIWjm9xXhI5sUSF8i5X7/KjCo=;
 b=W3sw798ul4XHlJ/nhD+2/WWabLAclaVvqksRUwqJVO4iiYWxuOCfBYkHjN/gGSupUb1eez
 HCfYTSaH5v/u10kAJi/62MKSoDRqml3H5RzrpiEKUJZAFsW95yJPvI6+y9vqisnKtbYQED
 TX9BxmhtTyNW2C9k4yYbIjqk1HYM6WLYxhdzBIrGCmkPKVxrFio/cUqZo9I2oBGVl4CH30
 8kckBXZu69nAkWTYJ00o8fflzFZS8xlO3qEVDG2JPCIG8xOtBD/NOkLHH2529Tzo+k84xQ
 6VP2D1YfHztsmntIzf0cmyLPwvt4lRc5Aisl8vw0MwJraV0Yjk2CleSqzLHfBA==
To: "IPFire: Location" <location@lists.ipfire.org>
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org>
Subject: [PATCH v2] overrides: clarify file contents and policies
Message-ID: <95bbf0af-99e9-edb3-5813-ec1e32f756da@ipfire.org>
Date: Sun, 8 Aug 2021 18:37:56 +0200
MIME-Version: 1.0
Content-Language: en-US
X-BeenThere: location@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <location.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/location>,
 <mailto:location-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/location/>
List-Post: <mailto:location@lists.ipfire.org>
List-Help: <mailto:location-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/location>,
 <mailto:location-request@lists.ipfire.org?subject=subscribe>
Errors-To: location-bounces@lists.ipfire.org
Sender: "Location" <location-bounces@lists.ipfire.org>

This patch updates the disclaimer blocks at the beginning of the
override-*.txt files, to be more accurate and helpful to people wishing
to propose changes to them.

In addition, a remark regarding the A[1-3] country codes has been added.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 overrides/override-a1.txt    | 26 ++++++++++++++++----------
 overrides/override-a2.txt    | 20 ++++++++++++++------
 overrides/override-a3.txt    | 20 +++++++++++++++-----
 overrides/override-other.txt | 26 ++++++++++++++++++--------
 4 files changed, 63 insertions(+), 29 deletions(-)

diff --git a/overrides/override-a1.txt b/overrides/override-a1.txt
index 284c3e8..77d5b08 100644
--- a/overrides/override-a1.txt
+++ b/overrides/override-a1.txt
@@ -1,19 +1,25 @@
 #
 # override-a1 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/adresses
-# which are - in fact or with a high level of confidence - anonymous
-# proxies (special country code: A1).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for publicly available services for forwarding traffic anonymously, such as
+# VPN providers.
 #
-# Since it does not make sense to assign them to a county, they
-# will be flagged as "A1" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# actually make sense to assign these to a distinct country. Therefore, they will be flagged
+# as "anonymous proxies" in libloc query results.
 #
-# Although we do not consider them to be bad entirely, they might
-# be unwanted in certain scenarios.
+# For historical reasons, parts of IPFire's web interface use "A1" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
 #
-# Please note only long-living Tor relay providers with static IPs
-# are listed here, as the list of all Tor relays will be dynamically
-# generated by another script.
+# At the moment, major Tor exit relay providers are included here as well. They will be dropped
+# from this file in the future, as soon as bug #11754 has been solved and a list of Tor exit
+# relays is imported dynamically while compiling the database.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #
diff --git a/overrides/override-a2.txt b/overrides/override-a2.txt
index 502948f..223b4df 100644
--- a/overrides/override-a2.txt
+++ b/overrides/override-a2.txt
@@ -1,13 +1,21 @@
 #
 # override-a2 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# which are - in fact or with a high level of confidence - belonging
-# to satellite network providers (special country code: A2).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for customers or dial-in pools of satellite-based internet services.
 #
-# Since a satellite uplink connection is possible from almost
-# anywhere in the world, it does not make sense to assign them to a
-# specific country. They will be flagged as "A2" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# actually make sense to assign these to a distinct country, since a satellite connection is
+# possible from virtually any place in the world. Therefore, they will be flagged as "satellite
+# providers" in libloc query results.
+#
+# For historical reasons, parts of IPFire's web interface use "A2" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #
diff --git a/overrides/override-a3.txt b/overrides/override-a3.txt
index d810d93..b07d4b8 100644
--- a/overrides/override-a3.txt
+++ b/overrides/override-a3.txt
@@ -1,12 +1,22 @@
 #
 # override-a3 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# which are - in fact or with a high level of confidence - believed
-# to be worldwide anycast instances (special country codes: A3).
+# This file contains Autonomous Systems and IP networks used - in fact or with reasonable
+# confidence - for worldwide anycast services.
 #
-# It does not make sense to assign them to a certain country, they
-# will be flagged as "A3" in the database.
+# While their country code set is preserved in libloc - unless utterly bogus -, it does not
+# make sense to assign these to a distinct country. Therefore, they will be flagged as "anycast"
+# in libloc query results.
+#
+# For historical reasons, parts of IPFire's web interface use "A3" as a country code for them.
+# This violates ISO 3166, and might be changed to a different country code inside a reserved
+# range in the future.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
+#
+# Please keep this file sorted.
 #
 
 aut-num:	AS69
diff --git a/overrides/override-other.txt b/overrides/override-other.txt
index 045b515..d232fc6 100644
--- a/overrides/override-other.txt
+++ b/overrides/override-other.txt
@@ -1,14 +1,24 @@
 #
-# override-other [.txt]
+# override-a3 [.txt]
 #
-# This file contains Autonomous Systems (AS) or IP networks/addresses
-# whose country information in corresponding RIR data is believed or proven
-# to be invalid or inaccurate and which do not match to one of the special categories
-# A[1-3].
+# This file contains Autonomous Systems and IP networks whose RIR data are believed to be inaccurate,
+# incomplete, or bogus on purpose and by chance. A small subset of its entries applies to AS descriptions,
+# while the majority covers country code assignments.
 #
-# Such networks might be legitimate (poorly maintained WHOIS data), shady
-# (networks owned by letterbox companies in offshore jurisdictions) or
-# hostile (faked RIR data in order to bypass location-based filtering).
+# The latter are crucial due to location-based firewalling or routing. Inaccurate country code assignments
+# therefore pose a security threat to these users, especially if being set intentionally to circumvent such
+# filters.
+#
+# The term "Location" may refer to the actual, physical location of a network (usually hard to enumerate
+# beyond a country-level), or its jurisdiction. To the best of our knowledge, the contents of "country"-fields
+# in RIR databases were never clarified in this conext.
+#
+# When in doubt, the physical location of a network will be used below, especially if the jurisdiction of a
+# network appears to be not helpful at all, such as offshore letterbox companies on the other end of the world.
+#
+# Improvement suggestions are appreciated, please submit them as patches to the location mailing
+# list. Refer to https://lists.ipfire.org/mailman/listinfo/location and https://wiki.ipfire.org/devel/contact
+# for further information.
 #
 # Please keep this file sorted.
 #