[Doh] GDPR and IETF protocols (Was: New I-D: draft-reid-doh-operator

Stephane Bortzmeyer <bortzmeyer@nic.fr> Tue, 12 March 2019 15:26 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/MQ23pp2KuaHaHrbbt6aZWDm42O0>

On Sun, Mar 10, 2019 at 12:54:18PM +0000,
 Jim Reid <jim@rfc1035.com> wrote 
 a message of 29 lines which said:

> GDPR is a huge, sprawling issue that cannot possibly be addressed in
> one over-arching framework for each IETF protocol. So IMO it's best
> to approach that on a protocol-by-protocol (or WG-by-WG)
> basis. YMMV.

It makes sense to do so if there is some specificity of the protocol
that makes it different from other protocols (a good example could be
WebRTC when a client does not disclose its source IP address just to a
known server but also to potentially unknown other clients).

But in the case of DoH, I'm not sure it is the case. The GDPR issues
seem very close to the issues of HTTP.