Re: http status code for site blocked

At 10:50 AM 12/10/2002 +0500, Mohammad Khalid wrote:
Mohammed,

Given that the point of blocking by the govt is to prevent access to information or even awareness that certain information exists, what point is there in advertising that to people?

There exist ample tools for network administrators to diagnose the reasons for failure of packets to reach their destinations.


>Tex,
>I have to agree with you. Barry did mention about greasing the palms of high government officials, but it is not confirm who actually responsible.

What I suggested were multiple scenarios for Tex's situation, for which I was not able to gather enough info with Tex while he was in China to draw a conclusion. I am skeptical that his site is blocked. I am waiting for more info from Tex about that - hopefully he can provide it tomorrow. The only reason I could think of that happening is if the blocking is by IP address and whoever had his IP address before was blocked. 

Even in the best of worlds, a dedicated person will find it difficult to get routing tables changed not because it is hard to identify the problem machine but because network administration organizations are structured against it. There is a reason we draw the Internet as a cloud on a diagram and in my mind, this is it. 

Add a reluctant bureaucracy on top of a impenetrable organization in a language you have no hope of communicating in and this is an intractable solution to the problem.

Much easier than pretending there are some real guidelines that bureaucrats will adhere here to is to determine using existing tools if you are blocked. If you are and don't want to be, then change IP addresses and see if that helps.


>Who actually is incharge of what gets seen and what not.  I do have to agree with you that any probelm concerning the world wide web should have the involvment of the W3C. There should be some policies and guildlines as to when and why a site should be blocked an


There are such policies. In no RFCs that I am aware of is there a discussion of when it is proper to not deliver a TCP packet - only discussions about how to move it on its way and what it should contain. By omission, the policy is nothing should be blocked, and everything possible should be done to go around a problem, whether it is a downed machine or a improper block.

Quite simply, this is the appropriate policy that W3C should state if they must state a policy at all:

"No packets should be blocked except by the administrator of an autonomous network, for packets destined to or from that network. Other packets passing through for which another autonomous network is the ultimate destination shall not be blocked or delayed by any device."

>d if possible a way definded or at least suggested how to get it unblocked.

think about it - If I wanted to block access to certain web people seeing certain web servers living on my network, would you object? Even if I told you you couldn't get in, changing my mind is going to be arbitrary and up to me. Why should I even reveal anything about the configuration of my security arrangements, let alone have apolicy for arbitrary third parties to insist on a change? That is just not how security works. 

A firewall should *never* advertise how it is handling packets if it is expected to be secure. Why is the present case an exception?

Barry Caplan
www.i18n.com

Received on Tuesday, 10 December 2002 01:23:14 UTC