Re: [Doh] GDPR and DoH

Brian Dickson <> Sat, 06 April 2019 19:57 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6758A12036A for <>; Sat, 6 Apr 2019 12:57:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gPjRpLCIIbDU for <>; Sat, 6 Apr 2019 12:57:42 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::635]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E67EB120369 for <>; Sat, 6 Apr 2019 12:57:41 -0700 (PDT)
Received: by with SMTP id y6so4889651pll.13 for <>; Sat, 06 Apr 2019 12:57:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mHvu0DvIKf+yCNsX8QyPfZNEHVC9lXp/1HWi/3/xr5w=; b=FLcIODap1PcigsoQFENSC8gR2gLaYWJ1smDc6X1tWW4bo+vl8GLg78ItI51QkN4ClH seJXM9U3+o73cLN4Dtt2lIhYWbAQNJP7hjIjpk8M0FGOgMtPZyO80nyU1sdMrBql5sVe +AlYAwfLvaghTaI4K2Np/3GNAPp4V1dLzbCAvBjuwwq0VWDjy0BTMB7JCdD38BPtXvyZ Wpg0nIc0NutCqIf61qTaqY3Ovw4QJJQGZVG+sw69eOv01+mYq7M1gsYBulzPq8wyLQ/5 DA6hx1UlneNQ+WvhAMPtF+E/E5LPQyHmul7TiqMFRsjn14zyNMXsK4upzZBzfOs4UA8l t0Yw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mHvu0DvIKf+yCNsX8QyPfZNEHVC9lXp/1HWi/3/xr5w=; b=HNbinN5FTsHmuvdV3HcR5z0S9gONUhUsn/yg/XxKZ7sjKaKw0Y8D/pvzf4EBc2QiCa 8lJnbiyiCe5aUquBemodaVVpin42VSvlSSIYII8Y969ylcrntYu0DztoCcg+EZRRL3zL 8QgoLA9nd3Q+P5bJER9YyD/dIU9WsyzU9kJP5cRldyRfCwJg1gIFgbEtSKELyjQJu8R7 WZr4SoLaTac5otVaJoB/dr8Qa5w2K+gLgUqSRmhVKy5b23pYoORZbRmMxAqp7txSt7Lm 70A/kly91woUo6Wb0xrfByHSQNvgb2u/BDYPZ5vL7JmBwlSS0XljbqhZ2XkKopor39mS X+6w==
X-Gm-Message-State: APjAAAU78qRRBmeimkWGXaOwlOgOdHX0HRoyXWE9+90pwEoG8V3x01oM zKNdLtEBdDhsvwuRQIEiVcgcVnnw
X-Google-Smtp-Source: APXvYqwlf0AYNHJHiUwo+Ggqj9kncMAgmS527bsjOhtuGaZ8DASYNB1h4E8nougFa7ilT+SCbVYoaw==
X-Received: by 2002:a17:902:70c8:: with SMTP id l8mr20982392plt.177.1554580661391; Sat, 06 Apr 2019 12:57:41 -0700 (PDT)
Received: from ?IPv6:2601:646:8881:1fb4:a916:414e:bbe:b7b0? ([2601:646:8881:1fb4:a916:414e:bbe:b7b0]) by with ESMTPSA id f6sm22350747pgq.11.2019. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 06 Apr 2019 12:57:40 -0700 (PDT)
Content-Type: multipart/alternative; boundary=Apple-Mail-F78DD7FF-71A3-4B7C-801D-D70D6EEB95F1
Mime-Version: 1.0 (1.0)
From: Brian Dickson <>
X-Mailer: iPhone Mail (16E227)
In-Reply-To: <>
Date: Sat, 6 Apr 2019 12:57:40 -0700
Cc: DoH WG <>
Content-Transfer-Encoding: 7bit
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <>
To: Stephen Farrell <>
Archived-At: <>
Subject: Re: [Doh] GDPR and DoH
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 06 Apr 2019 19:57:45 -0000


Sent from my iPhone

> On Apr 6, 2019, at 11:53 AM, Stephen Farrell <> wrote:
> Hi Jim,
>> On 06/04/2019 19:30, Jim Reid wrote:
>>> On 6 Apr 2019, at 19:04, Watson Ladd <>
>>> wrote:
>>> You know you can just turn it off the same way you configure your 
>>> devices on your network. I also don't understand the GDRP issue
>>> you raise: surely all DNS services have the same problems.
>> Read this: 
> Too much text there for me sorry:-)
> FWIW, I also don't get the GDPR angle here. If it's meant as
> an issue of consent related to selection of DNS server, ISTM
> more or less the same - if by picking an ISP I'm supposed to
> have consented to the ISP's choice of recursive that same
> argument seems to apply for a browser-chosen recursive since
> the user chose the browser. (And I'd actually argue there is
> no valid consent as to choice of recursive in either case,
> since IMO a person cannot consent to use of something they
> don't know exists, and people in general do not know that
> DNS recursives exist.)
> So can you explain the specific GDPR-related issue that you
> think is relevant?


It didn’t take me more than about 30 seconds of reading the linked article to get to the heart of the issue.

It has to do with whether something that requires consent is a necessary part of the service or transaction.

It has been clearly demonstrated that browsers do not have to provide DNS resolution (since they have not done so for about 25 years).

This means that requiring the user to use the browser’s selection of DNS resolver, and implementing a DNS forwarder in the browser, would not be covered by the general acceptance of the browser’s terms. In other words, an extra level of informed user consent would be required for GDPR, and not accepting that second set of terms should not prevent the use of the browser. Tying the two together would be a violation, at least as I understand it as explained by the link Jim provided.

>> If you need further advice on GDPR, consult a Data Protection
>> Authority or a lawyer who specialises in this field.