W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: Status code for censorship?

From: Mark Nottingham <mnot@mnot.net>
Date: Mon, 11 Jun 2012 09:20:13 +1000
Cc: Tim Bray <tbray@textuality.com>, ietf-http-wg@w3.org
Message-Id: <75F31997-D30E-467B-8D2F-EC429F9EBC03@mnot.net>
To: James M Snell <jasnell@gmail.com>
4xx status codes indicate that the problem is at the client; 5xx indicates that the error is at the server.

Since HTTP is a layer 7 protocol, not layer 8 (or 9, or 10, depending on how you're counting; I go by the t-shirt), there are going to be arguments for both sides.

If we had to choose, I'd go with a 5xx, because there's clear precedent for intermediary-related errors occurring there (most recently, 511), and this is essentially an intermediary problem. Something like "512 Network Policy Violation". 

However, it'd need to get deployed. Since the primary objective of such a status code seems to be to raise the visibility of censorship, thereby (presumably) causing some reaction against it, it seems unlikely that it'll happen in places where there's strong oversight of whoever is deploying it.

Also, there's the question of whether the IETF should do this; by allocating a status code for censorship, we'd be explicitly supporting its use. Given the IESG's stance on similar issues in the past (e.g., <http://www.ietf.org/rfc/rfc2804.txt>), I suspect adding a status code for censorship would at least require some serious discussion at that level, if not a plenary session, etc.

Cheers,

P.S. The interesting part, for me, is that this is a perfectly valid use of 403, according to our specs:

"The server understood the request, but refuses to authorize it."

Note "server", not "origin server" -- which in both 2616 and bis means *any* server in the chain can send it. 

We also talk about transforming proxies, but the most that's required in this instance is to add a 214 Transformation Applied warn-code. Even then, it's not clearly required, because it's defined in terms of changing the representation, not giving what's effectively a status message:

"""
3.6.6 214 Transformation Applied

must be added by a proxy if it applies any transformation to the representation, such as changing the content-coding, media-type, or modifying the representation data, unless this Warning code already appears in the response.
"""




On 11/06/2012, at 4:51 AM, James M Snell wrote:

> Quite honestly, while 403 would probably work just fine, I think a dedicated status code in the 5xx range would make for a better approach, if only from an informational point of view.
> 
> HTTP/1.1 512 Service Blocked
> 
> Sends a very clear message and makes the fact that the service is being censored, as opposed to merely being technically unavailable, quite clear.
> 
> On Jun 9, 2012 10:09 PM, "Tim Bray" <tbray@textuality.com> wrote:
> Check out http://yro.slashdot.org/story/12/06/09/1927246/an-http-status-code-for-censorship
> 
> The thinking about returning 403 when youíre forbidden to follow a link seems sound to me.  This idea is superficially appealing; is it deeply broken in some way thatís not obvious?  -Tim

--
Mark Nottingham   http://www.mnot.net/
Received on Sunday, 10 June 2012 23:20:43 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 10 June 2012 23:20:50 GMT