W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2015

Re: Working Group Last Call for draft-ietf-httpbis-legally-restricted-status

From: Matthew Kerwin <matthew@kerwin.net.au>
Date: Tue, 13 Oct 2015 15:58:13 +1000
Message-ID: <CACweHNDmWH-iKEWgx5rJf0ssNRvHGROgFQymEpxvb_es0Ubr0A@mail.gmail.com>
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 13 October 2015 at 14:20, Alex Rousskov <rousskov@measurement-factory.com
> wrote:

> On 10/12/2015 06:41 PM, Mark Nottingham wrote:
> >> On 2 Oct 2015, at 4:17 am, Alex Rousskov wrote:
> ​[snip]​
> >> An *outside force* other than a "legal demand" may compel me to block a
> >> resource. I speculate that most "blocked by external forces" content in
> >> the world is blocked by external forces other than a specific "legal
> >> demand". Should those who are forced to block by an external source
> >>
> >> * block silently;
> >> * violate the draft and misuse 451;
> >> * reserve another status code for their broader(!) use case;
> > Surely that would be 403? Would it help to point this fallback out
> explicitly?
> No, 403 does not imply that I am being forced to block something by a
> 3rd party. 403 just "blocks silently", not addressing the use cases #1
> and #2 in the numbered list at the top of this email.
​Sorry for chiming in cluelessly at this point, but how is 403 silent? RFC
7231 says a 403 can have a descriptive payload; and by stating that the
reason isn't necessarily auth-related and that you can use other mechanisms
to obscure access to resources it seems to imply that 403-with-payload is
intended to be explicitly not silent.

Or are you using 'silent' to mean "not easy to generate faceted
reports/statistics"? Because if so, while people clearly care about the
Ministry of Truth interfering with access to resources, at least in the
present climate, I don't know how much people care about other "outside
forces" blocking access. Is there much value in what you propose?

> > We already have:
> > """ Responses using this status code SHOULD include an explanation,
> > in the response body, of the details of the legal demand: the party
> > making it, the applicable legislation or regulation, and what classes
> > of person and resource it applies to. """
> > So perhaps a sentence or two before that noting why this is -- i.e.
> > that the legal context varies.
> I do not think it would help unless you are willing to say that the
> "legal context" varies so much that it may perfectly apply to blocking
> reasons other than the undefined areas of "legal obstacles" and "legal
> demands" :-).
​If the obstacle or demand (explicit or implied) depends on a legal
context, is it not a legal obstacle/demand? I'm struggling to envision a
case of externally-pressured censorship that doesn't count as "legal." A
server operator who chooses not to serve content because it violates their
beliefs/ideals/etc. can just not serve that stuff. One who would otherwise
have done so, but doesn't because of external pressure... well, what does
that look like? Do they live in a highly Pastafarian region, and are afraid
of reprisal because of their insistence on using plastic colanders? Because
I think that's more of a case for a well-written 404 or 410.

  Matthew Kerwin
Received on Tuesday, 13 October 2015 05:58:46 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:39 UTC