Re: p2: scope for status codes

Mark Nottingham <mnot@mnot.net> Tue, 23 April 2013 03:10 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E60721E80BE for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Apr 2013 20:10:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.488
X-Spam-Level:
X-Spam-Status: No, score=-10.488 tagged_above=-999 required=5 tests=[AWL=0.111, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kgwdlVKimdvJ for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Mon, 22 Apr 2013 20:10:30 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 6D19B1F0D21 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Mon, 22 Apr 2013 20:10:30 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.72) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1UUTb8-0001MP-37 for ietf-http-wg-dist@listhub.w3.org; Tue, 23 Apr 2013 03:08:50 +0000
Resent-Date: Tue, 23 Apr 2013 03:08:50 +0000
Resent-Message-Id: <E1UUTb8-0001MP-37@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtp (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1UUTb2-0001LI-PX for ietf-http-wg@listhub.w3.org; Tue, 23 Apr 2013 03:08:44 +0000
Received: from mxout-08.mxes.net ([216.86.168.183]) by lisa.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <mnot@mnot.net>) id 1UUTb2-0004zZ-2l for ietf-http-wg@w3.org; Tue, 23 Apr 2013 03:08:44 +0000
Received: from [192.168.1.80] (unknown [118.209.190.66]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id E3861509B5; Mon, 22 Apr 2013 23:08:19 -0400 (EDT)
Content-Type: text/plain; charset=iso-8859-1
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <51734FCD.80202@treenet.co.nz>
Date: Tue, 23 Apr 2013 13:08:16 +1000
Cc: ietf-http-wg@w3.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <92F2BEB5-8CE0-49E3-8027-AB3B398642F1@mnot.net>
References: <9EB331FC-D296-4776-B2B9-D1970B1E586A@mnot.net> <51734FCD.80202@treenet.co.nz>
To: Amos Jeffries <squid3@treenet.co.nz>
X-Mailer: Apple Mail (2.1503)
Received-SPF: pass client-ip=216.86.168.183; envelope-from=mnot@mnot.net; helo=mxout-08.mxes.net
X-W3C-Hub-Spam-Status: No, score=-3.4
X-W3C-Hub-Spam-Report: AWL=-3.374, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001
X-W3C-Scan-Sig: lisa.w3.org 1UUTb2-0004zZ-2l f7b016ec13f26913486d054dda14dc14
X-Original-To: ietf-http-wg@w3.org
Subject: Re: p2: scope for status codes
Archived-At: <http://www.w3.org/mid/92F2BEB5-8CE0-49E3-8027-AB3B398642F1@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/17475
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

On 21/04/2013, at 12:32 PM, Amos Jeffries <squid3@treenet.co.nz> wrote:

> On 20/04/2013 9:14 p.m., Mark Nottingham wrote:
>> Several status codes are defined in terms of indicating the server's intent, without specifying what kind of server it is.
>> 
>> I believe there are several that we can make more specific without too much controversy. Specifically,
>> 
>>   406 Not Acceptable
>>   409 Conflict
> 
> Note: Squid uses 409 Conflict to signal CVE-2009-0801 validation mismatch between DNS, TCP and HTTP state as reason for messages being rejected. It is a client-end error and more expressive of the semantic problem than 400 or 500.

Er, that *really* isn't what 409 means; it's a conflict in the state of the *resource*.

400 and a body / header is probably best for that.


>>   500 Internal Service Error
> 
> Disagree strongly with 500. It is intentionally the generic "server" error to be sent by any server for edge case internal errors.

OK, I'll buy that.


>> can, I think, all be specified as being from the origin server.
>> 
>> And, if we are still OK with 403 Forbidden being generated by both origins and intermediaries, it may be helpful to explicitly state that.
> 
> Agreed on that.


OK, it sounds like the outcome here is to note that 403 can be generated by intermediaries, at the most. Let's just make it an editorial suggestion.

Cheers,

--
Mark Nottingham   http://www.mnot.net/