Re: New Version Notification for draft-tbray-http-legally-restricted-status-00.txt

Hi Mark,

On Thu, Jun 14, 2012 at 10:25:58AM +1000, Mark Nottingham wrote:
> On 14/06/2012, at 9:23 AM, Amos Jeffries wrote:
> > Would these types of differentiation between reasons for rejection be a
> > good case for Warning: codes on a 403 response?
> > 
> > ie
> > Warning: ... Legal Restriction
> > Warning: ... Local administrative policy
> > Warning: ... Authentication failed too many times. Your account is now closed
> > ...
> > 
> > The body of 403 can as easily contain the legal disclaimer text as any other 4xx code.
> 
> So, again -- what's the use case for a machine consuming these? I haven't
> seen one yet, unless I've missed something.

The only one I can think of is logging/accounting. Reporting to the user
"Accessing this content is illegal, this access has been logged" is for
the body, but having the user-facing proxy being able to log to a separate
file when such an event happens can probably make sense.

It reminds me of an event which happened to a customer around 10 years ago,
which was a public administration. Some people noticed that one of their
offices was easy to open from the outside. And we discovered in their
proxy's logs that during the weekend, some people were coming there to
download and watch x-movies, probably because the internet access was
well sized for this, despite some filtering on the way. With automated
logging into a separate file, the local admin could have noticed the
event much earlier, because surely a number of attempts had failed.

I'm not saying this is the solution to improper log analysis, but it
shows one use case of machine-readable code.

BTW I like Amos' proposal much more than just a separate code. I was
wondering how many new codes we'd have if we created a new code for
this, and having a large set of possible warnings with the usual 403
seems a lot better to me.

Cheers,
Willy

Received on Thursday, 14 June 2012 05:44:54 UTC
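
An added illustration of the logging use case discussed in this message (not code from the thread or from any proxy): a user-facing proxy parses `Warning` headers on 403 responses and routes matching refusals to a separate audit list. The thread leaves the warn-code open, so the use of 299 (RFC 2616's miscellaneous persistent warning), the category names and the sample events are assumptions constructed here.

```python
import re

# RFC 2616 sec. 14.46: warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
WARNING_RE = re.compile(r'(\d{3}) (\S+) "((?:[^"\\]|\\.)*)"(?: "[^"]*")?')

# Assumption: warn-code 299 carries the reason; the warn-texts are the ones
# from the quoted proposal, the category names are hypothetical.
AUDIT_REASONS = {
    "legal restriction": "legal",
    "local administrative policy": "policy",
}

def parse_warnings(header_value):
    """Return (code, agent, text) for each warning-value in one Warning header."""
    return [(int(m.group(1)), m.group(2), re.sub(r'\\(.)', r'\1', m.group(3)))
            for m in WARNING_RE.finditer(header_value)]

def audit_category(status, headers):
    """Category of a refusal that belongs in the separate audit log, else None."""
    if status != 403:
        return None
    for name, value in headers:
        if name.lower() != "warning":
            continue
        for code, _agent, text in parse_warnings(value):
            category = AUDIT_REASONS.get(text.strip().lower())
            if code == 299 and category:
                return category
    return None

def route(events):
    """Split (client, url, status, headers) events into audit entries and a count of the rest."""
    audit, ordinary = [], 0
    for client, url, status, headers in events:
        category = audit_category(status, headers)
        if category:
            audit.append((category, client, url))
        else:
            ordinary += 1
    return audit, ordinary

# Constructed sample events, not taken from any real log.
SAMPLE = [
    ("10.0.0.7", "http://blocked.example/a", 403, [("Warning", '299 proxy.example "Legal Restriction"')]),
    ("10.0.0.7", "http://site.example/", 200, []),
    ("10.0.0.9", "http://games.example/", 403, [("warning", '299 proxy.example "Local administrative policy"')]),
    ("10.0.0.9", "http://site.example/private", 403, []),
]
```

A 403 without a recognised warning stays in the ordinary log, so only the refusals the administrator cares about reach the separate file.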