Re: [Doh] GDPR and DoH

Jim Reid <jim@rfc1035.com> Sun, 07 April 2019 15:53 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: doh@ietfa.amsl.com
Delivered-To: doh@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB44B12015A for <doh@ietfa.amsl.com>; Sun, 7 Apr 2019 08:53:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kvW_KHeE8kzd for <doh@ietfa.amsl.com>; Sun, 7 Apr 2019 08:53:01 -0700 (PDT)
Received: from shaun.rfc1035.com (smtp.v6.rfc1035.com [IPv6:2001:4b10:100:7::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AF10120103 for <doh@ietf.org>; Sun, 7 Apr 2019 08:53:01 -0700 (PDT)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id 91840242109D; Sun, 7 Apr 2019 15:52:57 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <de4e8320-302d-181d-09d6-34659763da2a@nostrum.com>
Date: Sun, 7 Apr 2019 16:52:56 +0100
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, DoH WG <doh@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A1D48969-2261-4960-8DD3-0B76369093A6@rfc1035.com>
References: <1700920918.12557.1552229700654@appsuite.open-xchange.com> <7667c4d7-2e78-0a27-84af-cf1c00fd4897@cs.tcd.ie> <1991054337.12802.1552259263075@appsuite.open-xchange.com> <eea64b30-aad0-a030-5360-1b1484f1d0e3@huitema.net> <CAPsNn2WhjHSEHJUEL8GB6X0d24fkajgPnY4YgkOQbXjyxb5q8Q@mail.gmail.com> <CACfw2hj07TDCxK9bm0T=JguKyuCEfW2zb_yRJnewjOYL4oxdjA@mail.gmail.com> <CACsn0cmk7NbF+ti0dU7Fp0PK8Gt4P5knC5hrHVLDY59-jaYYzA@mail.gmail.com> <6030358E-24FF-4033-B0A1-AB1123FED964@rfc1035.com> <5ce0d730-aac2-95c9-fead-64cbffa03d52@cs.tcd.ie> <AE840785-E355-4BCA-A9E1-AFFA069D801C@rfc1035.com> <de4e8320-302d-181d-09d6-34659763da2a@nostrum.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/doh/fv5LFyeru6-KWJbrq4SOBkbd-tk>
Subject: Re: [Doh] GDPR and DoH
X-BeenThere: doh@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <doh.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/doh>, <mailto:doh-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/doh/>
List-Post: <mailto:doh@ietf.org>
List-Help: <mailto:doh-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/doh>, <mailto:doh-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Apr 2019 15:53:03 -0000

On 7 Apr 2019, at 15:55, Adam Roach <adam@nostrum.com> wrote:
> 
> On 4/7/19 15:33, Jim Reid wrote:
>> That said, I think it’s important that this WG is at least aware of these problems and documents them somehow.
> 
> Are we going to do a survey of privacy regulations in the other 167 countries also?

IMO no. That’s clearly impractical. Even if the IETF had the appropriate legal expertise. Which it doesn’t.

I think we should approach these issues on a case-by-case basis when they emerge and are brought to the IETF’s attention. EU regulations might need closer consideration because: (a) they tend to be at the vanguard on data protection/privacy issues; (b) other countries often cut & paste (pretty much) EU data protection/privacy stuff into their own legislation.

> How frequently do you see us updating such documentation?

As and when the need arises? Like we do with every RFC. :-)

The sort of documentation I had in mind would be something like: “Here’s what we as protocol experts think the impact of GDPR (or whatever) might be on deployment of protocol X: .... This is not legal advice. For definitive information, consult your DPA and/or suitably qualified legal advisors. The IETF hopes the info above may be useful input to those discussions that need to take place elsewhere.”.