Re: Working Group Last Call for draft-ietf-httpbis-legally-restricted-status from Mark Nottingham on 2015-10-01 (ietf-http-wg@w3.org from October to December 2015)

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 1 Oct 2015 10:59:54 +1000
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <B7347414-BC49-4D61-844B-6056F9155345@mnot.net>

Hi Alex,

> On 1 Oct 2015, at 10:37 am, Alex Rousskov <rousskov@measurement-factory.com> wrote:
> 
> If that paragraph is removed, the only justification offered for the new
> status code is:
> 
>> This status code can be used to provide transparency in circumstances
>> where issues of law or public policy affect server operations.  This
>> transparency may be beneficial both to these operators and to end
>> users.
> 
> 
> Since the existing HTTP error mechanisms can already be used to do all
> of the above, that justification is insufficient at best.
> 
> 
> I failed to find any other explanation why a new code dedicated to
> "blocked by legal demands" responses is needed.
> 
> Moreover, the term "legal demand" is itself undefined. Could it mean a
> verbal demand from XYZ legal department? A written request by a law
> enforcement officer lacking jurisdiction? Does responding with this
> status code constitute the responder's agreement that the demand to
> block was legal??

This is well-covered ground; the purpose of the status code is making it possible to track censorship and similar situations, when the party who is adhering to the legal demand wishes to say so. 

For example, Chilling Effects <https://www.chillingeffects.org/> can spider the Web for such content when such a status code is defined. There's already been pre-standardisation deployment of the status code by some sites, and interest from others.

> IMHO, the draft should be revised to remove the words "legal" and
> "demand". It should specify a generic mechanism to point to the blocking
> entity (i.e., Section 4). Such a generic mechanism can then be used by
> those who block because of "legal demands" (using their own definition
> of that term) and by those who block for other reasons.

We've already had discussion along those lines too; see <https://github.com/httpwg/http-extensions/issues/80>. I'm very concerned about trying to over-genericise this mechanism; let's not boil an ocean we don't have to.

> Alternatively, some serious effort should be made to define "legal demands"

Defining the phrase precisely on a global scale isn't realistic. What do you have in mind?

> and explain why they deserve a special HTTP status code.

That discussion needs to happen in the WG, not *necessarily* in the draft. 

Cheers,

--
Mark Nottingham   https://www.mnot.net/

Received on Thursday, 1 October 2015 01:00:34 UTC