Re: [Doh] GDPR and DoH

Adam Roach <> Sun, 07 April 2019 14:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9E661120049 for <>; Sun, 7 Apr 2019 07:46:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.98
X-Spam-Status: No, score=-1.98 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Lcther9YE8pS for <>; Sun, 7 Apr 2019 07:46:30 -0700 (PDT)
Received: from ( [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D4E1F120005 for <>; Sun, 7 Apr 2019 07:46:30 -0700 (PDT)
Received: from ( []) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id x37EkSp0087585 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sun, 7 Apr 2019 09:46:29 -0500 (CDT) (envelope-from
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;; s=default; t=1554648390; bh=klNkwNLlBQ5sEOMx9qJbBlSJLaoqtIjDJa4D2koeU9o=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=NGPmF6L1TzzkSHv8q930SGVBYK9SvjZH/Ta2swR3JCoy3umOH6EXMnhDMWqCKFBUR Rt4wLDFCirLzkHwkv2+Dav9fKO3eyt4wJHs+3HwY4UaCUUTFuzDMxOYX61x1/WHunL 6zklkke+IazNxWsMwukbl+93CePHxdb4JNiftFQg=
X-Authentication-Warning: Host [] claimed to be
To: Vittorio Bertola <>
Cc: DoH WG <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
From: Adam Roach <>
Message-ID: <>
Date: Sun, 7 Apr 2019 16:46:23 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <>
Subject: Re: [Doh] GDPR and DoH
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DNS Over HTTPS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 07 Apr 2019 14:46:32 -0000

On 4/7/19 10:43, Vittorio Bertola wrote:
> This is the objection that led several people to raise this point in the discussion, and I think it is a valid objection even if we are not lawyers.

There was context to my reply: Stephen had provided his rationale for 
why he thought that Brian's interpretation of the GDPR was not 
necessarily correct. Brian responded by saying that this disagreement in 
the IETF over GDPR consent applicability was a disservice to users.

The point of my response is that it's really not: even if the IETF were 
to form a consensus position on the topic of GDPR applicability, it 
wouldn't be worth the paper it's written on. As a technical standards 
body, we're just not the experts here.

To be clear, I think we should and do take into consideration issues of 
user privacy and agency and several closely related topics. What I'm 
objecting to is the attempt to parse applicability of finer points of 
the GDPR: these are legal issues, and we are not lawyers. The line I'm 
drawing here is roughly the one between Natural Law and Positive Law.

I would advise that anyone who wants to discuss the Natural Law 
implications do so in a thread with a different subject line, and that 
those who want to discuss GDPR applicability do so in a legal forum 
rather than a technical one.