W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: Status code for censorship?

From: J Ross Nicoll <jrn@jrn.me.uk>
Date: Sun, 10 Jun 2012 10:30:26 +0100
Message-ID: <4FD46932.1030609@jrn.me.uk>
To: ietf-http-wg@w3.org
Technically, the request is not intended to be repeated if you see a 403 
( "Authorization will not help and the request SHOULD NOT be repeated." )

My interpretation has always been that 403 is a fairly broad-scoped 
error code, and this is not accidental. If there's a need to provide 
machine-readable detail, I would suggest a new header is the correct answer.

Although surely the correct answer here is that the connections should 
be rejected at the TCP level, anyway.

On 10/06/2012 07:53, Yoav Nir wrote:
> The value of status codes is in aiding trouble-shooting. So using a different code for when a MitM has made the decision, as opposed to when the server has made the decision seems appropriate.
>
> If you get a 403, you clear cookies, try again, and send an email to thepiratebay.
> If you got a number that shows a policy decision by the government (probably enforced by the ISP), you send an email to your congressman/MP/vote for someone else.
>
> Maybe we need several codes, for government mandate, decision by ISP, decision by your employer (implemented on a perimeter firewall), and for a policy you've asked for (like netnanny)
>
> -----Original Message-----
> From: Martin Thomson [mailto:martin.thomson@gmail.com]
> Sent: 10 June 2012 08:39
> To: Tim Bray
> Cc: ietf-http-wg@w3.org
> Subject: Re: Status code for censorship?
>
> On 9 June 2012 22:05, Tim Bray <tbray@textuality.com> wrote:
>> The thinking about returning 403 when you're forbidden to follow a
>> link seems sound to me.  This idea is superficially appealing; is it
>> deeply broken in some way that's not obvious?  -Tim
> The temptation to suggest 418 is strong, but 403 is essentially correct.  The entity making the authorization decision might not be the usual or expected one, but that is the decision they are making.
>
> --Martin
>
> p.s. It is less about following the link than it is about interacting with the resource identified by that link.
>
>
Received on Sunday, 10 June 2012 09:30:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 10 June 2012 09:31:03 GMT