Re: [Doh] GDPR and DoH

Jim Reid <> Sun, 07 April 2019 15:53 UTC

From: Jim Reid <>
Date: Sun, 7 Apr 2019 16:52:56 +0100
Cc: Stephen Farrell <>, DoH WG <>
To: Adam Roach <>

On 7 Apr 2019, at 15:55, Adam Roach <> wrote:
> On 4/7/19 15:33, Jim Reid wrote:
>> That said, I think it’s important that this WG is at least aware of these problems and documents them somehow.
> Are we going to do a survey of privacy regulations in the other 167 countries also?

IMO no. That’s clearly impractical. Even if the IETF had the appropriate legal expertise. Which it doesn’t.

I think we should approach these issues on a case-by-case basis when they emerge and are brought to the IETF’s attention. EU regulations might need closer consideration because: (a) they tend to be at the vanguard on data protection/privacy issues; (b) other countries often cut & paste (pretty much) EU data protection/privacy stuff into their own legislation.

> How frequently do you see us updating such documentation?

As and when the need arises? Like we do with every RFC. :-)

The sort of documentation I had in mind would be something like: “Here’s what we as protocol experts think the impact of GDPR (or whatever) might be on deployment of protocol X: .... This is not legal advice. For definitive information, consult your DPA and/or suitably qualified legal advisors. The IETF hopes the info above may be useful input to those discussions that need to take place elsewhere.”