- From: Yoav Nir <ynir@checkpoint.com>
- Date: Sun, 10 Jun 2012 09:53:16 +0300
- To: "'Martin Thomson'" <martin.thomson@gmail.com>, Tim Bray <tbray@textuality.com>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
The value of status codes is in aiding trouble-shooting. So using a different code for when a MitM has made the decision, as opposed to when the server has made the decision seems appropriate. If you get a 403, you clear cookies, try again, and send an email to thepiratebay. If you got a number that shows a policy decision by the government (probably enforced by the ISP), you send an email to your congressman/MP/vote for someone else. Maybe we need several codes, for government mandate, decision by ISP, decision by your employer (implemented on a perimeter firewall), and for a policy you've asked for (like netnanny) -----Original Message----- From: Martin Thomson [mailto:martin.thomson@gmail.com] Sent: 10 June 2012 08:39 To: Tim Bray Cc: ietf-http-wg@w3.org Subject: Re: Status code for censorship? On 9 June 2012 22:05, Tim Bray <tbray@textuality.com> wrote: > The thinking about returning 403 when you're forbidden to follow a > link seems sound to me. This idea is superficially appealing; is it > deeply broken in some way that's not obvious? -Tim The temptation to suggest 418 is strong, but 403 is essentially correct. The entity making the authorization decision might not be the usual or expected one, but that is the decision they are making. --Martin p.s. It is less about following the link than it is about interacting with the resource identified by that link.
Received on Sunday, 10 June 2012 06:54:03 UTC