- From: Matthew Kerwin <matthew@kerwin.net.au>
- Date: Tue, 13 Oct 2015 15:58:13 +1000
- To: Alex Rousskov <rousskov@measurement-factory.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
- Message-ID: <CACweHNDmWH-iKEWgx5rJf0ssNRvHGROgFQymEpxvb_es0Ubr0A@mail.gmail.com>
On 13 October 2015 at 14:20, Alex Rousskov <rousskov@measurement-factory.com > wrote: > On 10/12/2015 06:41 PM, Mark Nottingham wrote: > >> On 2 Oct 2015, at 4:17 am, Alex Rousskov wrote: > [snip] > > >> An *outside force* other than a "legal demand" may compel me to block a > >> resource. I speculate that most "blocked by external forces" content in > >> the world is blocked by external forces other than a specific "legal > >> demand". Should those who are forced to block by an external source > >> > >> * block silently; > >> * violate the draft and misuse 451; > >> * reserve another status code for their broader(!) use case; > > > Surely that would be 403? Would it help to point this fallback out > explicitly? > > No, 403 does not imply that I am being forced to block something by a > 3rd party. 403 just "blocks silently", not addressing the use cases #1 > and #2 in the numbered list at the top of this email. > > Sorry for chiming in cluelessly at this point, but how is 403 silent? RFC 7231 says a 403 can have a descriptive payload; and by stating that the reason isn't necessarily auth-related and that you can use other mechanisms to obscure access to resources it seems to imply that 403-with-payload is intended to be explicitly not silent. Or are you using 'silent' to mean "not easy to generate faceted reports/statistics"? Because if so, while people clearly care about the Ministry of Truth interfering with access to resources, at least in the present climate, I don't know how much people care about other "outside forces" blocking access. Is there much value in what you propose? > > We already have: > > > """ Responses using this status code SHOULD include an explanation, > > in the response body, of the details of the legal demand: the party > > making it, the applicable legislation or regulation, and what classes > > of person and resource it applies to. """ > > > > So perhaps a sentence or two before that noting why this is -- i.e. > > that the legal context varies. > > > I do not think it would help unless you are willing to say that the > "legal context" varies so much that it may perfectly apply to blocking > reasons other than the undefined areas of "legal obstacles" and "legal > demands" :-). > > If the obstacle or demand (explicit or implied) depends on a legal context, is it not a legal obstacle/demand? I'm struggling to envision a case of externally-pressured censorship that doesn't count as "legal." A server operator who chooses not to serve content because it violates their beliefs/ideals/etc. can just not serve that stuff. One who would otherwise have done so, but doesn't because of external pressure... well, what does that look like? Do they live in a highly Pastafarian region, and are afraid of reprisal because of their insistence on using plastic colanders? Because I think that's more of a case for a well-written 404 or 410. Cheers -- Matthew Kerwin http://matthew.kerwin.net.au/
Received on Tuesday, 13 October 2015 05:58:46 UTC