Re: [Doh] GDPR and DoH

Jim Reid <> Sun, 07 April 2019 16:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3EA8E1200EF for <>; Sun, 7 Apr 2019 09:29:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id T4_XkywYPEGj for <>; Sun, 7 Apr 2019 09:29:02 -0700 (PDT)
Received: from ( [IPv6:2001:4b10:100:7::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 22A5512000E for <>; Sun, 7 Apr 2019 09:29:02 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id D4ABE242109D; Sun, 7 Apr 2019 16:28:54 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jim Reid <>
In-Reply-To: <>
Date: Sun, 7 Apr 2019 17:28:54 +0100
Cc: DoH WG <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <> <>
To: Stephen Farrell <>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <>
Subject: Re: [Doh] GDPR and DoH
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 07 Apr 2019 16:29:03 -0000

On 7 Apr 2019, at 15:07, Stephen Farrell <> wrote:
> From the above, it sounds like you agree there is no effect on
> the DoH WG.

I didn’t say that Stephen.

IMO GDPR has no impact on the DoH *protocol*. GDPR does have an impact on how that protocol gets used and deployed. This needs to be discussed at the IETF and the obvious home for that discussion seems to be the DoH WG - at least for now. The WG is explicitly chartered to work on DoH’s security and privacy issues. If not there, then where?

You said you "agree that we need to consider GDPR issues, where they exist” and seem to be saying that there are no new GDPR issues caused by DoT/DoH. Well, the issues are new. Sort of. Although they’ve been around for a while, as you said they “have been largely or totally ignored until very recently”. Maybe they should have been discussed earlier. But that earlier non-discussion doesn’t seem to me to be a valid reason for dismissing these concerns now that they have been raised. YMMV.