This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[atlas] Proposal: Measure well-known CDNs,[CDN-HTTP]
- Previous message (by thread): [atlas] Proposal: Measure well-known CDNs,[CDN-HTTP]
- Next message (by thread): [atlas] Proposal: Measure well-known CDNs,[CDN-HTTP]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lukas Tribus
lukas at ltri.eu
Tue Dec 20 17:48:08 CET 2022
Hello, On Tue, 20 Dec 2022 at 14:38, <ripe.net at toppas.net> wrote: > But maybe there's another way, to select which one of those providers/CDNs to measure? > Instead of manually selecting them, there could be some sort of "threshold" which a > provider/CDN has to reach One layer of indirection doesn't solve that. You are just selecting CDN indirectly then, by picking an arbitrary "threshold" that works well for group A and doesn't for group B. I also really can't come up with a single publicly verifiable value that would work well for this. I doubt that the availability of favicon.ico on a certain CDN is a useful health check; lots of things can go wrong at a CDN which do not impair favicon.ico delivery. I think the entire idea of CDN-HTTP is flawed and I would much rather see RIPE invest their resources into improving ATLAS generally. ATLAS is not downdetector.com or Cloudflare Radar and it isn't a tool for end-users. I don't see a lot of value in CDN-HTTP, but lots of problems. I'm suggesting dropping CDN-HTTP altogether and focusing the effort on GENERIC-HTTP instead which can be very useful for everyone. However it needs some discussion: - where have those security concerns been previously discussed? The arguments sound a little hand-waving'y to me. Is this really that big of a deal that we need an opt-in approach? Are you suggesting that people deploy ATLAS probes in security sensitive inside parts of corporate networks? And those security concerns affect only GENERIC-HTTP not other currently available measurements like DNS? NLNOG RING provides *root access* to Ubuntu VMs in a large number of organizations across the globe, we are talking about small HTTP HEAD and GET requests here. I agree that with an opt-in approach this feature is likely useless, for questionable security concerns. - I think HTTPS would be very useful, considering that we are already talking about STARTTLS (which seems more complicated to me), is HTTPS support for GENERIC-HTTP really that long down the road? I'm talking about HTTP/1.1 over TLS. - data retention policies can always be modified at any point in time based on actual data, I don't think this is a big deal -- cheers, lukas
- Previous message (by thread): [atlas] Proposal: Measure well-known CDNs,[CDN-HTTP]
- Next message (by thread): [atlas] Proposal: Measure well-known CDNs,[CDN-HTTP]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]