Geofeed Adoption and Authentication
Dipsy Desai, Kicho Yu, Sulyab Thottungal Valapu
TL;DR
This paper investigates IP Geofeed adoption, adherence to RFCs 8805 and 9092, and authentication for geolocation data. It provides an empirical study across RIRs and ASes, revealing that adoption is in an early stage with RIPE NCC leading but only a small fraction of prefixes annotated with geofeed data. The authors critique the RFC 9092-based authentication as overly rigid and propose a PKI-based two-step approach to authenticate geofeed publishers and their data, supported by simulations showing promise in scalability and cross-publisher trust. They also quantify RFC adherence and data quality, finding substantial portions of lines and URLs noncompliant, and highlight the need for real-world validation and broader data sources. The work offers a practical path toward more secure, scalable geofence-like geolocation signals that could improve routing, localization, and user experience while acknowledging current limitations and future research directions.
Abstract
IP Geofeed is a recently proposed informational standard that allows network operators to publish the geographical location of deployed IPv4 and IPv6 prefixes. In this work we study the adoption of IP geofeed, assess deployment of geofeed at Regional Internet Registry and Autonomous System levels, and analyze adherence to RFC 8805 and RFC 9092 in deployed geofeeds. We evaluate the authentication mechanism proposed in RFC 9092 and find that it lacks key features from a security perspective. We propose a novel approach to simplify the authentication of geofeeds and assess its efficiency using different benchmarks. Our findings highlight the challenges in current geofeed adoption and the potential for improving both security and scalability in geofeed validation processes.