- From: James M Snell <jasnell@gmail.com>
- Date: Wed, 31 Dec 2014 06:12:21 -0800
- To: Willy Tarreau <w@1wt.eu>
- Cc: Niels ten Oever <lists@digitaldissidents.org>, Mark Nottingham <mnot@mnot.net>, Yoav Nir <ynir.ietf@gmail.com>, Eliot Lear <lear@cisco.com>, Greg Wilkins <gregw@intalio.com>, HTTP Working Group <ietf-http-wg@w3.org>, nicolas.mailhot@laposte.net, Bray Tim <tbray@textuality.com>
- Message-ID: <CABP7Rbfd+QqrjY8vvkdhvAOuisn=MSdFdygDuLhj__f7LasDyA@mail.gmail.com>
+1. 403 would seem to cover it well. The specific reason for the 403 may make for a moderately interesting discussion topic for someone but it's still just a 403. Not as "cool" as 451, but it's suitable. On Dec 31, 2014 6:00 AM, "Willy Tarreau" <w@1wt.eu> wrote: > Hi Greg, > > On Wed, Dec 31, 2014 at 01:06:35PM +0100, Greg Wilkins wrote: > > On 19 December 2014 at 15:07, <nicolas.mailhot@laposte.net> wrote: > > > > > 451 Forbidden by a third party human authority > > > > > > The suggestion of various names for this code illustrate to me the > > fundamental problem with 451. Essentially this code is trying to add a > > "why" or "by whom" information to a 403 response and there are an > infinite > > number of such codes as there are an infinite number of situations that > may > > cause a forbidden response: > > > > - Forbidden for legal reasons: content is illegal so better get a > lawyer > > son, better make it a good one > > - Forbidden for legal reasons: order from a court in the server > > jurisdiction > > - Forbidden for legal reasons: order from a court in client > jurisdiction > > - Forbidden for legal reasons: we got a threatening letter from a > lawyer > > and just don't want to be involved. > > - Forbidden for legal reasons: we don't know if you are over 18 or > not. > > - Forbidden for political reasons: the thought police will be visiting > > your house soon > > - Forbidden for commercial reasons: we'd really like to sell our > > services to somebody that does not want you to see this content > > - Forbidden by a policy you set: Ask your mother if you can see this > > content > > > > Fundamentally the content is forbidden and there are infinite shades of > > grey between absolute legal prohibition and rather not serve it just in > > case, plus there are extra dimensions of wont server it to you and wont > > server it to where you are. > > > > Perhaps there is some benefit to following Willy's suggestion of trying > to > > find 3 or so classifications of why something is being forbidden, but I'm > > dubious that a clean and useful classifications exists. Why not just > > define a new response header that can carry extra information about the > > reasons for a 403? Such a header could encode detailed information > > regarding if the reason is legal, policy and/or precautionary, if it > > because of clients jurisdiction, the servers jurisdiction or the user > > identity etc. > > I absolutely agree. And your examples above are the perfect illustration > of this. After all, the reasons all start by "Forbidden" which is exactly > 403. No need for an extra code here, let's just normalize a header field > which will give the exact reasons. > > So that's a big +1 from me. > > Best regards, > Willy > > >
Received on Wednesday, 31 December 2014 14:12:48 UTC