Re: [Doh] GDPR and DoH

Brian Dickson <brian.peter.dickson@gmail.com> Sat, 06 April 2019 23:10 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C0AC120167 for <doh@ietfa.amsl.com>; Sat, 6 Apr 2019 16:10:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kskMqbkil69d for <doh@ietfa.amsl.com>; Sat, 6 Apr 2019 16:10:34 -0700 (PDT)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9494120096 for <doh@ietf.org>; Sat, 6 Apr 2019 16:10:34 -0700 (PDT)
Received: by mail-qt1-x82f.google.com with SMTP id s15so3134303qtn.3 for <doh@ietf.org>; Sat, 06 Apr 2019 16:10:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=uzan6MJi9CKNdXthjPO2JC7+xGXyK+q1cp6Sbv41mvc=; b=UtjPAAfB9+vTnYiAIhBmvqtasaJHNpo4uv78rrvjtH3gkiy6EH3sninkKlDXUAl+Wi eFhDhAm05KhSJwRHnJVvVeCplPAB/HGtFZGZKUHKZXIcZShVDlb1UM/WouNSP3Vm0i4p 9McZ0IZWkr9bBRXabSAWmd3K+uB95vFWKYOVOOQRVuAMNsGjJPa3BiWUQMpmWCQpEGY1 CIXPU3n7gw3vO/HKF5q5+nh+2AaqUU+MQ68oakZ+CLBhXeIt5SY4ghhNlhPaN2njjyJF OMwkRwjj6pc+w1TaJKlhC+aegyX1MI31chH8PiN1gjJkeh40oljQ595A9rUmGYDTRMff vPhQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uzan6MJi9CKNdXthjPO2JC7+xGXyK+q1cp6Sbv41mvc=; b=rlGW5M8ygyOQKzxvkITJPZ280olOof0UVLEcsfN7FsDoAvkc8YG0jW4w4GtRwlPGbk A0plG1/ApSFqJ4HrPRz0zQrFjUTEz/wf7qYqT79nA+Ez+LYJt6MIH1DCqUFAo1TSWJOx WeQ1THzi6rQy9j7FKo3a4A6sQCp1/f+IXVor5um91ZT3rUCsVAPbZvWCzqK0iguCJh11 IHDKNA2ymYVW273TfS0WAc4GZE9DPufzkQiCv40X+9bJMSatAcGuHWKL1N9OWadEBLhV jHinCLbNdyUaHwexNH8Qp3UCp0EN58q+XSQ+Y2qwEVFuvctifcz7JswXcysjee6TULcH JNBg==
X-Gm-Message-State: APjAAAUcMkWoXJmLc5/A4OO2Z7/FdH00Wqx7uM8An/FYk0KOoyT78oci puTHXMMZULTfpERz4d67KuNXGrm7AbYPvy/IIQQ=
X-Google-Smtp-Source: APXvYqycpbUpolPvTQP0q8KDBnVDIjywts/4GcicsI8XtOF4Q/qFuNJDGTEqovlWni/6uZPv3dh395eQ5a5XsmUb3Zw=
X-Received: by 2002:ac8:1a34:: with SMTP id v49mr17840869qtj.236.1554592233825; Sat, 06 Apr 2019 16:10:33 -0700 (PDT)
MIME-Version: 1.0
References: <1700920918.12557.1552229700654@appsuite.open-xchange.com> <7667c4d7-2e78-0a27-84af-cf1c00fd4897@cs.tcd.ie> <1991054337.12802.1552259263075@appsuite.open-xchange.com> <eea64b30-aad0-a030-5360-1b1484f1d0e3@huitema.net> <CAPsNn2WhjHSEHJUEL8GB6X0d24fkajgPnY4YgkOQbXjyxb5q8Q@mail.gmail.com> <CACfw2hj07TDCxK9bm0T=JguKyuCEfW2zb_yRJnewjOYL4oxdjA@mail.gmail.com> <CACsn0cmk7NbF+ti0dU7Fp0PK8Gt4P5knC5hrHVLDY59-jaYYzA@mail.gmail.com> <6030358E-24FF-4033-B0A1-AB1123FED964@rfc1035.com> <5ce0d730-aac2-95c9-fead-64cbffa03d52@cs.tcd.ie> <D6EE01DE-EE98-4CDE-A869-6205AD3D584A@gmail.com> <6654d063-de2d-9aeb-2ad5-bea3d5c7bea3@cs.tcd.ie> <F838CF7D-9389-4A4A-ADA6-824E7BA4FE21@gmail.com> <ead4d1b3-f8b7-3d8e-877b-734ffa132c67@cs.tcd.ie> <BFEDACF7-F539-4466-A9F3-5688EA4993B8@gmail.com> <346c2bdb-1c9c-369f-1959-a3ec964c0c52@nostrum.com>
In-Reply-To: <346c2bdb-1c9c-369f-1959-a3ec964c0c52@nostrum.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Sat, 6 Apr 2019 16:10:22 -0700
Message-ID: <CAH1iCiqWWS+t5qQnSvtjcj7NJZ=Pof=COC2aXN0NpEWps828Tg@mail.gmail.com>
To: Adam Roach <adam@nostrum.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, DoH WG <doh@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000de29550585e4b5d3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/5vCbtlXQKy7pbK3DiBGpWz-4oX4>
Subject: Re: [Doh] GDPR and DoH
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Apr 2019 23:10:37 -0000

On Sat, Apr 6, 2019 at 3:20 PM Adam Roach <adam@nostrum.com> wrote:

> On 4/6/19 5:08 PM, Brian Dickson wrote:
> > Again, the above is MHO, but also, this consent problems is an issue
> that crosses over the line where leaving it unsettled by stating it is an
> issue we don’t agree to, does a disservice to the community of users of DNS.
>
>
> Engineers and lawyers practice rather different professions, both of
> which require extensive training and experience. When all the dust
> settles, it really doesn't matter what *we* think on these topics, in
> much the same way that it's not terribly important what the American Bar
> Association might think about TCP window size management. Jim and Watson
> both wisely deferred, at least in the abstract, to legal experts. I
> advise that this is the proper tactic.
>

Maybe, yes, and no. The problem in the above is the use of pronouns. :-)

But seriously, there are multiple variations on the issue, where the need
for lawyers, and/or the length and depth of those discussions, vary
considerably.

The possibilities I see include the following (and possibly others, such as
DoT):

   - DoH is off by default, and the DoH server field is empty (requires
   explicit user entry)
   - DoH is off by default, and the DoH server field is a drop-down list
   plus "other" (user entered), with no selected choice
   - DoH is off by default, and the DoH server field is a drop-down list or
   user-entry field, pre-populated with the system's configured DNS entries
   (static or DHCP-provided)
   - DoH is off by default, and the DoH server field is a drop-down list or
   user-entry field, pre-populated with something other than the system's
   configured DNS entries
   - DoH upgrade is on by default,  and the DoH server field is a drop-down
   list or user-entry field, pre-populated with the system's configured DNS
   entries (static or DHCP-provided)
   - DoH is on by default, and the DoH server field is a drop-down list or
   user-entry field, pre-populated with something other than the system's
   configured DNS entries

In the above cases where there is no pre-populated entry, or the system
server is what is pre-populated, I would expect a conversation with a
lawyer knowledgable in the field to be very brief.
"The only way the user can change their DNS resolver choice is by actively
typing text or doing a list-select? Okay, sounds good."
"Turning on DoH doesn't change the DNS provider? Great."
"Can the user force the resolver operator to use DoH, or does the operator
also have to enable DoH? Has to enable it? Great."

For the other cases, I agree with Jim and Watson. I wanted to make the
distinction above, since those are apples and oranges (rooted in changing
the DNS provider, irrespective of anything else).

Brian