W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2011

RE: Additional HTTP Status Codes - draft-nottingham-http-new-status-02

From: Thomson, Martin <Martin.Thomson@commscope.com>
Date: Fri, 21 Oct 2011 06:43:25 +0800
To: Willy Tarreau <w@1wt.eu>, Dan Anderson <dan-anderson@cox.net>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <27AFD040F6F8AA4193E0614E2E3AF9C910D7C1EC43@SISPE7MB1.commscope.com>
On 2011-10-21 at 05:46:31, Willy Tarreau wrote:
> In my opinion, everything related to client authentication easily 
> falls in the 4xx class. It means "I won't perform this request unless 
> you do something on your side", which is the case.

The problem with 4xx is that it implies an error in the client.  But to imply that the "client" in this case - an _HTTP_ client - can do anything about the network authentication situation is where this line of reasoning falls down.  To infer fault in either HTTP client or HTTP server is disingenuous.

What we are looking for an "act of god" series (c.f. insurance contracts): 

  Nothing in inherent in the request (client) or the identified resource (server) caused this request to fail.

I'm reluctant to open the 6xx series for this sort of marginal case.  Looking at the commonly induced behaviour in these cases suggests 3xx (with or without Location:).  I'll freely admit that it's still weak, but it does avoid the more obvious pitfalls.

--Martin
Received on Thursday, 20 October 2011 22:50:33 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:48 GMT