Re: New Status Code -- 2xx Greedy Hotel? from Mark Nottingham on 2007-03-15 (ietf-http-wg@w3.org from January to March 2007)

From: Mark Nottingham <mnot@mnot.net>
Date: Thu, 15 Mar 2007 16:30:15 +0000
To: Eric Lawrence <ericlaw@exchange.microsoft.com>
Cc: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-Id: <ED94513C-811D-4D4A-BDC5-D3661632A526@mnot.net>

On 15/03/2007, at 4:20 PM, Eric Lawrence wrote:

> I'm not sure why a 403 isn't appropriate (or at least more  
> appropriate for 409) for this case?

If an automated agent (e.g., RSS aggregator) sees a 403, they might  
take some action on it (e.g., unsubscribing, or calling the feed  
'dead'), because they think that the resource itself has a problem.  
Not sure if that's a huge issue, it could probably be handled well if  
everyone gravitated towards 403 as the solution for this particular  
problem. It seems to me that it's mostly a matter of education, and a  
distinct status code might make that easier.

I agree that 403, or maybe 400, is the best existing status code to  
use. 409 doesn't seem appropriate at all.

> In my mind, the much more interesting question is how to handle a  
> HTTPS connection in this scenario.  The hotel never provides a  
> certificate which correctly validates (since they can't get a  
> wildcard certificate that matches every link the user might choose  
> to initially visit).   The resulting certificate name mismatch  
> leads to error dialogs, failed navigations, etc.

Good question. Most of the ones I've seen recently redirect initially  
to a non-HTTPS site to avoid the certificate mismatch popup.

>
> Eric Lawrence
> Program Manager
> Internet Explorer Networking
>
> -----Original Message-----
> From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg- 
> request@w3.org] On Behalf Of Mark Nottingham
> Sent: Thursday, March 15, 2007 6:48 AM
> To: ietf-http-wg@w3.org Group
> Subject: New Status Code -- 2xx Greedy Hotel?
>
>
> After being in hotels for a few weeks, I'm starting to wonder whether
> a new 2xx HTTP status code could be defined whose semantic is "This
> isn't what you asked for, but here's some information about how to
> get network access so you can eventually get it."
>
> 2xx so that browsers will display it. AFAICT, they do; or at least,
> Safari and Firefox do (see <http://www.mnot.net/test/222.asis>). IE?
> 4xx might be more appropriate, but I despair of "friendly" error
> messages. (thought they could be padded, I suppose).
>
> A new status code so that feed aggregators, automated clients, etc.
> can differentiate what they asked for from your hotel / conference
> centre / etc. asking for cash in order to get network access, and not
> get horribly messed up as a result.
>
> It would also be useful in those cases where you get redirected
> somewhere to login and get a cookie for authentication; e.g., Yahoo!,
> Google, Amazon, etc. Same situation, but slightly different use case.
>
> Thoughts?
>
> --
> Mark Nottingham     http://www.mnot.net/
>
>


--
Mark Nottingham     http://www.mnot.net/

Received on Thursday, 15 March 2007 16:30:30 UTC