Re: Reviving discussion on error code 451

Hi Greg,

> On 31 Dec 2014, at 7:06 am, Greg Wilkins <gregw@intalio.com> wrote:
> 
> 
> On 19 December 2014 at 15:07, <nicolas.mailhot@laposte.net> wrote:
>  451 Forbidden by a third party human authority
> 
> The suggestion of various names for this code illustrates to me the fundamental problem with 451. Essentially this code is trying to add "why" or "by whom" information to a 403 response and there are an infinite number of such codes as there are an infinite number of situations that may cause a forbidden response:
>  • Forbidden for legal reasons: content is illegal so better get a lawyer son, better make it a good one
>  • Forbidden for legal reasons: order from a court in the server jurisdiction
>  • Forbidden for legal reasons: order from a court in client jurisdiction
>  • Forbidden for legal reasons: we got a threatening letter from a lawyer and just don't want to be involved.
>  • Forbidden for legal reasons: we don't know if you are over 18 or not.
>  • Forbidden for political reasons: the thought police will be visiting your house soon
>  • Forbidden for commercial reasons: we'd really like to sell our services to somebody that does not want you to see this content
>  • Forbidden by a policy you set: Ask your mother if you can see this content
> Fundamentally the content is forbidden and there are infinite shades of grey between absolute legal prohibition and rather not serve it just in case, plus there are extra dimensions of won't serve it to you and won't serve it to where you are.
> 
> Perhaps there is some benefit to following Willy's suggestion of trying to find 3 or so classifications of why something is being forbidden, but I'm dubious that a clean and useful classification exists. Why not just define a new response header that can carry extra information about the reasons for a 403? Such a header could encode detailed information regarding if the reason is legal, policy and/or precautionary, if it is because of the client's jurisdiction, the server's jurisdiction or the user identity etc.

I’m on the fence about 451 (whereas last year I was pretty firmly against it).

However, this doesn’t seem like a good argument against 451 — we could always construct arguments against a new protocol element this way. Enumerating the theoretical list of things that people *could* want to communicate is fundamentally uninteresting.

To me, the question is whether people will find the semantics of *this* status code useful enough — both as a server and a client — to get wide deployment.

For example, 429 (Too Many Requests) arguably could have been a 403 with an HTTP header; we went with a status code because there was clearly enough support for a more unambiguous semantic signal — even overcoming Twitter’s natural affinity for 420.

Likewise with many of the 4xx and 5xx series status codes; arguably many of them are purely explanatory, with minimal impact upon protocol mechanics.

So, what I’m looking for is effectively a big enough market for this. We’ve already heard at least one party say that they want to spider the Web for these things; what I’m waiting to hear is whether anyone else has serious plans, and whether any Web sites are considering producing the status code.

Because that’s somewhat of a chicken-and-egg problem (and the people who might want to express and/or consume these semantics are NOT likely to be here), I’ve started to privately ask around Web sites — especially those that “host” content for others — to see if there’s interest; so far, I’ve seen a non-trivial amount. I’m going to be encouraging those folks to participate here (or at least allow their interest to be registered publicly) in the New Year, so that we can make a decision that’s more informed.

OTOH if we can’t find a substantial audience for this, I agree it’s probably not justified. 

Cheers,


--
Mark Nottingham   http://www.mnot.net/

Received on Wednesday, 31 December 2014 16:55:33 UTC