- From: Jacob Appelbaum <jacob@appelbaum.net>
- Date: Wed, 13 Jun 2012 13:30:23 -0700
- To: tbray@textuality.com
- CC: Tor assistants list <tor-assistants@torproject.org>, ietf-http-wg@w3.org
Hi Tim,

I recently came across your draft. I believe that while the spirit is admirable, in a sort of depressing sense, it seems incorrect to implement it properly without changing a few things...

This seems like a fatal flaw:

> The 451 status code is optional; clients cannot rely upon its use. It is imaginable that certain legal authorities may wish to avoid transparency, and not only forbid access to certain resources, but also disclosure that the restriction exists.

While the reason may be optional, I firmly believe that the status code itself must be present or there is little reason for the updated spec. Some oppressive regimes will implement it properly and more oppressive "legal authorities" will, like with nearly all things, go further and be completely non-standard. Non-compliance by the worst is not a good reason to let everyone else off the hook.

Furthermore, I think this is another major issue:

> The HTTP Status Codes Registry should be updated with the following entries:
>
> o Code: 451
> o Description: Unavailable for Legal Reasons
> o Specification: [ this document ]

I suggest:

- o Description: Unavailable for Legal Reasons
+ o Description: Resource Unavailable, Censored and Redacted

It may be by court order with a subpoena, by legal interpretation of a specific law such as DMCA in the US, by sanction which restricts those unable to democratically change those laws, by social restriction or authoritarian decree such as in China or Syria, or by accidental corporate blocklists such as in Burma or many US corporate networks.

To lump all of this into "legal" is likely to be incorrect - rather it is perhaps more important to disclose the result and not the unknown, often secret or even illegal to disclose process. Additionally, this meets the definition of unavailable (not available or accessible or at hand), censored (suppress unacceptable parts) and redacted (for legal *or* security reasons) for the resource in question.

I think 451 is also a contentious code from what I've seen online but that's an entirely different can of worms. If I might, I'd suggest 6xx as 666 is sure to make the topic even more hilarious... ;-)

All the best,
Jacob

Received on Wednesday, 13 June 2012 20:30:57 UTC