Re: New version of HTTP response 420 Requester Impaired

Richard Roda <richard_roda@hotmail.com> Wed, 13 December 2023 12:19 UTC

From: Richard Roda <richard_roda@hotmail.com>
To: Glenn Strauss <gs-lists-ietf-http-wg@gluelogic.com>
CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Thread-Topic: New version of HTTP response 420 Requester Impaired
Thread-Index: AQHaLXtKmzk06JCzjk+jcH0co+1xHbCm/vcAgAAh09g=
Date: Wed, 13 Dec 2023 12:18:39 +0000
Message-ID: <BN8PR04MB5970BC6392B865EAF4B5875CEF8DA@BN8PR04MB5970.namprd04.prod.outlook.com>
References: <BN8PR04MB59708DB82C00F319ECC74AE5EF8DA@BN8PR04MB5970.namprd04.prod.outlook.com> <ZXmDsjHgMcx2161U@xps13>
In-Reply-To: <ZXmDsjHgMcx2161U@xps13>
Subject: Re: New version of HTTP response 420 Requester Impaired
Archived-At: <https://www.w3.org/mid/BN8PR04MB5970BC6392B865EAF4B5875CEF8DA@BN8PR04MB5970.namprd04.prod.outlook.com>
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/51682

I see why Spring uses the 420 error code for Method Failure.  It's specified in a draft of the WebDAV protocol.

Perhaps an error extension to 403 is more appropriate.

https://datatracker.ietf.org/doc/html/draft-ietf-webdav-protocol-05#section-10.5

________________________________
From: Glenn Strauss <gs-lists-ietf-http-wg@gluelogic.com>
Sent: Wednesday, December 13, 2023 5:13:06 AM
To: Richard Roda <richard_roda@hotmail.com>
Cc: ietf-http-wg@w3.org <ietf-http-wg@w3.org>
Subject: Re: New version of HTTP response 420 Requester Impaired

On Wed, Dec 13, 2023 at 04:38:23AM +0000, Richard Roda wrote:
> https://datatracker.ietf.org/doc/draft-richardroda-420requesterimpaired/
>
> Thanks for the feedback on this.  I have an update for the draft that addresses the technical shortcomings of the original. Specifically,  it defines how an Impaired requester can assert it has been remediated.
>
> This code is primarily intended to be used in a system-to-system scenario.  Specifically, as a way to deal with the "AI gone rogue" scenario that is possible when an LLM's hallucinations get acted upon.
>
> There is a fundamental difference between an LLM requester and other misbehaving automations such as webcrawlers.  The LLM is an actual user of the system performing tasks autonomously for its ultimate human user.  This error code attempts to define a framework to signal an LLM that it's outside of its guardrails and a mechanism for it to recover.

My understanding is that you are proposing a new HTTP status code because
the new status code indicates
a) a specific policy has been violated and that specific policy
   rendered a judgement of "requester impairment"
b) out-of-band action is required before the server will accept further
   requests, and that out-of-band action required involves informing the
   server or another trusted third party.

The new status code seems to be to indicate that once the out-of-band
action has been taken, the request might be submitted as-is, without
any changes.  This is in contrast to a 4xx status code such as
414 URI Too Long, which indicates that the client should not resubmit
the request as-is since changes to the submitted request are required.

If the scope of your proposal is expanded beyond the specific policy
judgement of "requester impaired" to be more general as "policy
rejection plus an action that involves contacting the server in a
semi-defined way", then I think a new 4xx HTTP status code might have
some merit.

Then again, does there need to be a new HTTP status code assigned (420),
or could additional header(s) be added to responses with an extended
error message and remediation link?
  HTTP/1.1 400 Bad Request
  error-extension: ...
  error-action-required: ...

Practically speaking, the "action-required" might tend towards needing
a new HTTP status code so that the awful "friendly" error messages that
some browsers use to hide any actual useful information might see the
new HTTP status code and do something more useful than frustrating users
and enraging those who try to help those users since there is a lack of
useful, actionable information.  Then again, a new standardized response
header might also work for that, too.

Cheers, Glenn


Here's one example of error extensions, even though I have other strong
criticism (off-topic) for many other parts of MS-WDV:
[MS-WEBDAVE]: Web Distributed Authoring and Versioning Error Extensions Protocol
https://learn.microsoft.com/en-us/openspecs/sharepoint_protocols/ms-webdave/9fb175f3-f063-4389-a959-4457692e4b49
2.2.2 Extended Error Handling
https://learn.microsoft.com/en-us/openspecs/sharepoint_protocols/ms-webdave/fd085a2b-c812-4d7c-a28c-2cab5dc34747
2.2.3 Currently Defined WebDAV Extended Errors
https://learn.microsoft.com/en-us/openspecs/sharepoint_protocols/ms-webdave/bda6b27f-b0c2-4310-bb79-1f9a7caeb426

Aside, with regards to status code 420, there is some more history:
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
Unofficial codes
  420 Enhance Your Calm (Twitter)
    Returned by version 1 of the Twitter Search and Trends API when the client is being rate limited; versions 1.1 and later use the 429 Too Many Requests response code instead.  The phrase "Enhance your calm" comes from the 1993 movie Demolition Man, and its association with this number is likely a reference to cannabis.[citation needed]
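The retry distinction Glenn draws above (a 414 means "change the request before resubmitting"; a policy rejection with an out-of-band remediation step means "the same request may be resubmitted as-is once that step is done") is the part of the thread a client implementer actually has to encode. The following is an added illustration, not code from the thread, the draft, or any of the linked specifications: a small client-side classifier that parses a raw HTTP/1.1 response head and maps the status code plus Glenn's sketched `error-extension` / `error-action-required` headers (assumed names, not registered fields) to one of three retry outcomes. The sample responses are constructed inline so it runs offline; the parser also rejects obs-fold continuation lines and whitespace before the colon, the two header forms most often abused for request/response smuggling.

```python
"""Added example (not from the mailing-list thread or any draft): classify a
4xx response into "resubmit as-is after out-of-band action", "modify the
request first", or "do not retry", using the status code and the hypothetical
`error-extension` / `error-action-required` headers sketched in the thread.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Retry(Enum):
    RESUBMIT_AS_IS_AFTER_ACTION = "resubmit-as-is-after-action"
    MODIFY_BEFORE_RETRY = "modify-before-retry"
    DO_NOT_RETRY = "do-not-retry"


@dataclass
class Decision:
    status: int
    retry: Retry
    action_required: Optional[str] = None  # value of the hypothetical header, opaque here
    error_extension: Optional[str] = None


def parse_response_head(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Parse the status line and header block of an HTTP/1.1 response.

    The body after the blank line is ignored. Field names are case-insensitive
    (RFC 9110), so they are lower-cased. Lines with leading whitespace
    (obs-fold) or whitespace between the name and the colon are rejected
    rather than guessed at; both are classic smuggling vectors.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1."):
        raise ValueError(f"malformed status line {lines[0]!r}")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line {line!r}")
        headers[name.lower()] = value.strip()
    return int(parts[1]), headers


# Non-exhaustive set of 4xx codes whose RFC 9110 semantics say the request
# itself must change before any retry (414 is the one the thread names).
MODIFY_FIRST = {413, 414, 415, 431}


def classify(raw: bytes) -> Decision:
    """Map a response to a retry decision. Only 4xx responses are in scope;
    anything else is conservatively treated as 'do not retry'."""
    status, h = parse_response_head(raw)
    ext = h.get("error-extension")
    if not 400 <= status <= 499:
        return Decision(status, Retry.DO_NOT_RETRY, None, ext)
    action = h.get("error-action-required")
    if action:
        # Hypothetical extension: the server rejected the requester, not the
        # request. After the out-of-band action the same bytes may be resent.
        return Decision(status, Retry.RESUBMIT_AS_IS_AFTER_ACTION, action, ext)
    if status in MODIFY_FIRST:
        return Decision(status, Retry.MODIFY_BEFORE_RETRY, None, ext)
    return Decision(status, Retry.DO_NOT_RETRY, None, ext)


# Constructed sample responses (not captured from any real server).
IMPAIRED = (
    b"HTTP/1.1 400 Bad Request\r\n"
    b"Content-Type: text/plain\r\n"
    b"Error-Extension: requester-impaired\r\n"
    b"Error-Action-Required: https://example.com/remediate?token=abc\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
TOO_LONG = b"HTTP/1.1 414 URI Too Long\r\nContent-Length: 0\r\n\r\n"
FORBIDDEN = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
OBS_FOLD = b"HTTP/1.1 400 Bad Request\r\nError-Extension: a\r\n b\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("impaired", IMPAIRED), ("too-long", TOO_LONG), ("forbidden", FORBIDDEN)):
        print(label, classify(raw))
```

Whatever form the working group lands on, the point of the classifier is that the client reads the remediation signal from a defined field and never from the status code's reason phrase or an HTML error page; the value of `error-action-required` is left opaque here because the thread does not define its shape.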