Re: Reviving discussion on error code 451

Proposal (another one properly generalized)
-------------------------------------------------

 451 Forbidden by a third party human authority

  The 451 (Forbidden by a third party human authority) status code indicates 
  that the equipment understood the request but is forbidden to fulfil it
  by a third party human authority. 

  The error code does not distinguish between the various reasons human
  authorities may forbid a request. Those reasons cannot be addressed
  by automated processing.

  Responses using this status code SHOULD include an explanation, in the
  response body, of the details of the restriction: the human third party
  authority imposing the restriction, its given reasons, and the eventual
  actions humans MAY perform in response to the restriction. The web client
  SHOULD relay this explanation and inform its human operators in the most
  appropriate and effective way.

  For example:

  (example response from draft)

  If authentication credentials were provided in the request, the
  equipment considers them insufficient to overcome the restrictions. 
  The client SHOULD NOT automatically repeat the request with the same
  credentials. The client MAY repeat the request with new or different
  credentials. However, the request might be forbidden for reasons 
  unrelated to the credentials.

  If authentication credentials were not provided in the request, and
  it could have been authorized with some credentials, the equipment
  SHOULD use the appropriate code to request authentication (for example 
  511, Network Authentication Required). The 451 status code MUST NOT be 
  used to trigger authentications.

  The use of the 451 status code does not imply that the equipment will be
  able to fulfil the request once the human third party restrictions have
  been lifted. Most equipment will defer technical processing after checking
  if it is authorized to perform it. Therefore, technical problems MAY only
  be identified once the restriction is lifted.

--------------------------------------------------------------------

(Not sure if "forbidden because we have detected malware" fits in there.
Probably yes, deciding not to test the client security with malware is 
a human decision)

Received on Friday, 19 December 2014 14:08:12 UTC
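
The client-side rules in the proposal above, as an added Python sketch that is not part of the original message or of any draft: a 451 is never retried automatically, never starts an authentication flow, and its explanation is relayed to the human operator. The `Decision` fields, the function names and the sample responses are assumptions constructed for illustration, and treating "retry with other credentials" as available only when credentials were sent is one reading of the text.

```python
import email
from dataclasses import dataclass

@dataclass
class Decision:
    auto_retry: bool            # resend the same request unattended
    prompt_auth: bool           # start an authentication flow
    other_credentials_ok: bool  # a human MAY retry with different credentials
    notice: str                 # text to relay to the human operator

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status, decoded body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split(b" ", 2)[1])
    headers = email.message_from_bytes(header_block)
    charset = headers.get_content_charset() or "utf-8"
    return status, body.decode(charset, errors="replace")

def decide(raw: bytes, sent_credentials: bool) -> Decision:
    status, body = parse_response(raw)
    if status == 451:
        # The explanation is a SHOULD, so the body may be empty.
        notice = body.strip() or "451: forbidden by a third party authority (no explanation given)"
        # Never auto-retry and never treat 451 as an authentication trigger.
        return Decision(False, False, sent_credentials, notice)
    if status == 511:
        # Authentication is requested with its own status code, not with 451.
        return Decision(False, True, False, body.strip())
    return Decision(False, False, False, "")

# Constructed sample responses (not taken from the draft).
BLOCKED = (b"HTTP/1.1 451 Forbidden by a third party human authority\r\n"
           b"Content-Type: text/plain; charset=utf-8\r\n\r\n"
           b"Access restricted by order of Example Authority.\r\n"
           b"Reason given: court order (placeholder).\r\n")
BLOCKED_NO_BODY = b"HTTP/1.1 451 Forbidden by a third party human authority\r\n\r\n"
NEEDS_LOGIN = b"HTTP/1.1 511 Network Authentication Required\r\n\r\nLog in to the network."

if __name__ == "__main__":
    for raw, creds in ((BLOCKED, True), (BLOCKED_NO_BODY, False), (NEEDS_LOGIN, False)):
        print(decide(raw, creds))
```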