- From: Michael Sweet <msweet@apple.com>
- Date: Fri, 19 Dec 2014 06:17:27 -0500
- To: Tim Bray <tbray@textuality.com>
- Cc: Stefan Eissing <stefan.eissing@greenbytes.de>, Willy Tarreau <w@1wt.eu>, Eliot Lear <lear@cisco.com>, Yoav Nir <ynir.ietf@gmail.com>, Mark Nottingham <mnot@mnot.net>, Niels ten Oever <lists@digitaldissidents.org>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-id: <0A6954DD-2872-44BC-9AE4-5165A04FDF3E@apple.com>
Maybe just "451 Censored", with the definition that a person or legal entity has requested that the resource not be served to the client. That makes it clear that the content exists but cannot be served.

Sent from my iPad

> On Dec 19, 2014, at 12:10 AM, Tim Bray <tbray@textuality.com> wrote:
>
>> On Thu, Dec 18, 2014 at 3:09 AM, Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
>>
>> Proposal:
>> -------------------------------------------------------------------
>> 451 Unavailable For Legal Reasons
>>
>> The 451 (Unavailable For Legal Reasons) status code indicates that
>> the server understood the request but is unable to fulfill it due
>> to legal reasons.
>
> Whatever the merits of the rest of Stefan’s proposal, the sentence proposed above won’t work; here’s why: I am not a lawyer, but earlier in the life of the document, I did consult a lawyer, on the staff of A Former Employer, who pointed out that phrases like “unable to fulfill it due to legal reasons” are inappropriate because they suggest that the service provider is in agreement that the claim being asserted has legal validity. This is something that nobody with good legal advice is going to do. Thus the current language, “denied as a consequence of legal demands”, and “for use when a server operator has received a legal demand to deny access to a resource”. It carefully doesn’t say anything about whether the demand is legally justified; just that there has been a demand, and the provider has decided to deny access.
>
> As for the rest of Stefan’s proposal…
>
>> If authentication credentials were provided in the request, the
>> server considers them insufficient to overcome the legal restrictions.
>> The client SHOULD NOT automatically repeat the request with the same
>> credentials. The client MAY repeat the request with new or different
>> credentials. However, a target resource might be legally restricted
>> for reasons unrelated to the credentials.
>
> Meh. Not opposed, but does this really add any value? The vast majority of real-world cases are plain old unauthenticated GET requests.
>
>> An origin server that wishes to "hide" the current existence of
>> such a target resource (and the fact that it was legally restricted
>> to serve it) MAY instead respond with a status code of 404 (Not Found).
>
> I am strongly against saying this. The purpose is to specify a status code for use in a particular circumstance. Its use obviously is not compulsory and if someone doesn’t want to use it, they should just not use it.

Received on Friday, 19 December 2014 11:17:54 UTC