W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: Status code for censorship?

From: James M Snell <jasnell@gmail.com>
Date: Mon, 11 Jun 2012 08:54:24 -0700
Message-ID: <CABP7Rbdu+_+d-87nKR5_joF==_365skEMp5mtL3Ys9RQQ3h-2Q@mail.gmail.com>
To: Tim Bray <tbray@textuality.com>
Cc: Mark Nottingham <mnot@mnot.net>, Karl Dubost <karld@opera.com>, ietf-http-wg@w3.org
I can definitely live with that.. anything that increases the
visibility of censorship is not a bad thing.  Looks like status code
427 is open currently.

- James

On Mon, Jun 11, 2012 at 8:39 AM, Tim Bray <tbray@textuality.com> wrote:
> Well, the practical argument is programmer behavior, in the way that client
> devs handle the codes.  I regularly see code along the lines of:
>
> else if (status == 401)
>  // do authent stuff
> else if (status == 403)
>  // apologize and explain
> else if (status/100 == 5)
>  // apologize for server misbehavior without many details (which would
> probably not be helpful to end-user anyhow)
>
> So we want a result like 403, not 5XX.  So 403 would not be flatly
> incorrect, but I still think a new 4XX would be desirable. Would it be used?
>  Well, in most web frameworks, you can already provide any old integer
> status code, so I don’t think any infrastructure development would be
> required.  I suspect the browser people would be happy to provide a
> boilerplate message if the status code became official.
>
> And finally, I am sure that some websites under government pressure would be
> happy to lie and deny censorship exists, but I am quite certain that lots of
> others would welcome the chance to make clear the responsibility for the
> blockage. I would welcome being so informed in those situations.
>
> So where’s the downside?
>
> -T
>
>
>
> On Mon, Jun 11, 2012 at 8:27 AM, James M Snell <jasnell@gmail.com> wrote:
>> On Mon, Jun 11, 2012 at 4:09 AM, Mark Nottingham <mnot@mnot.net> wrote:
>>>[snip]
>>>> Censorship happens sometimes in other states through decision of laws
>>>> and/or regulations. For example, a network in a corporate environment
>>>> blocking certain sites through proxy (such as social networks). A library
>>>> blocking some sites through proxy to other users. In these cases, the
>>>> organization in charge of it might want to advertise it for reasons which
>>>> seem perfectly legible to them.
>>>
>>> Yes. However, as discussed, current status codes can be used for this,
>>> and the HTML will explain what's going on. The one remaining motivation that
>>> I can see would be a similar situation that got us 511; non-browser devices
>>> that get confused by what's going on. However, since this isn't a redirect,
>>> but just a refusal, it's less of an issue, practically.
>>>
>>
>> True, however, with 511, there is a distinct practical action that the
>> user-agent can take in response to the specific code... namely,
>> authenticating with the network prior to retrying the request. There
>> is no such clear response action with this.
>>
>> Further, one additional consideration is the case where a particular
>> request is blocked through similar policy-driven action. A 4xx
>> response would be perfectly reasonable in such cases. My initial
>> inclination was to use a new 5xx code but the more I go through the
>> cases, the more I think 403 is just fine.
>>
>> - James
>>
>>> Cheers,
>>>
>>>
>>>
>>> --
>>> Mark Nottingham   http://www.mnot.net/
>>>
>>>
>>>
>
Received on Monday, 11 June 2012 15:55:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 11 June 2012 15:55:38 GMT