Re: Reviving discussion on error code 451 from Greg Wilkins on 2014-12-31 (ietf-http-wg@w3.org from October to December 2014)

From: Greg Wilkins <gregw@intalio.com>
Date: Wed, 31 Dec 2014 13:06:35 +0100
To: nicolas.mailhot@laposte.net
Cc: Eliot Lear <lear@cisco.com>, Bray Tim <tbray@textuality.com>, Yoav Nir <ynir.ietf@gmail.com>, Mark Nottingham <mnot@mnot.net>, Niels ten Oever <lists@digitaldissidents.org>, HTTP Working Group <ietf-http-wg@w3.org>, Willy Tarreau <w@1wt.eu>
Message-ID: <CAH_y2NF=Pri_fy8Z-C-aqfm+gpBRrpTQryeo664OBQVbW=Xw0w@mail.gmail.com>

On 19 December 2014 at 15:07, <nicolas.mailhot@laposte.net> wrote:

>  451 Forbidden by a third party human authority


The suggestion of various names for this code illustrate to me the
fundamental problem with 451.    Essentially this code is trying to add a
"why" or  "by whom" information to a 403 response and there are an infinite
number of such codes as there are an infinite number of situations that may
cause a forbidden response:

   - Forbidden for legal reasons: content is illegal so better get a lawyer
   son, better make it a good one
   - Forbidden for legal reasons: order from a court in the server
   jurisdiction
   - Forbidden for legal reasons: order from a court in client jurisdiction
   - Forbidden for legal reasons: we got a threatening letter from a lawyer
   and just don't want to be involved.
   - Forbidden for legal reasons: we don't know if you are over 18 or not.
   - Forbidden for political reasons: the thought police will be visiting
   your house soon
   - Forbidden for commercial reasons: we'd really like to sell our
   services to somebody that does not want you to see this content
   - Forbidden by a policy you set: Ask your mother if you can see this
   content

Fundamentally the content is forbidden and there are infinite shades of
grey between absolute legal prohibition and rather not serve it just in
case, plus there are extra dimensions of wont server it to you  and wont
server it to where you are.

Perhaps there is some benefit to following Willy's suggestion of trying to
find 3 or so classifications of why something is being forbidden, but I'm
dubious that a clean and useful classifications exists.      Why not just
define a new response header that can carry extra information about the
reasons for a 403?   Such a header could encode detailed information
regarding if the reason is legal, policy and/or precautionary, if it
because of clients jurisdiction, the servers jurisdiction or the user
identity etc.

regards




-- 
Greg Wilkins <gregw@intalio.com>  @  Webtide - *an Intalio subsidiary*
http://eclipse.org/jetty HTTP, SPDY, Websocket server and client that scales
http://www.webtide.com  advice and support for jetty and cometd.

Received on Wednesday, 31 December 2014 12:07:03 UTC