IETF Logo Mail Archive

Re: Last Call: <draft-sahib-451-new-protocol-elements-01.txt> (New protocol elements for HTTP Status Code 451) to Informational RFC

Tim Bray <tbray@textuality.com> Tue, 03 July 2018 05:17 UTC

Return-Path: <tbray@textuality.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA6F8130E2D for <ietf@ietfa.amsl.com>; Mon, 2 Jul 2018 22:17:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=textuality-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8hsB1nkpD_Uz for <ietf@ietfa.amsl.com>; Mon, 2 Jul 2018 22:17:24 -0700 (PDT)
Received: from mail-ed1-f67.google.com (mail-ed1-f67.google.com [209.85.208.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8B05130F1E for <ietf@ietf.org>; Mon, 2 Jul 2018 22:17:23 -0700 (PDT)
Received: by mail-ed1-f67.google.com with SMTP id r17-v6so648945edo.13 for <ietf@ietf.org>; Mon, 02 Jul 2018 22:17:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=textuality-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UGzw1oL7AkJFZV9G+f88ZtdNqk8YLbmWiRiwg9jToyg=; b=O7bJnuieSaRvnkG+N1vnpPDnVh5xYwRzpCfT8Klxj7zaNQISnIdZ+GeHH6zrma9AOM nNQSP3sm5rVI+BCFRevxAhXa/RTE9DX1p4DlwvcgzU0n+7DkP8MlKrECi7c2mhiI3MI4 6Y27otU8oi5cbZ0dM1yiSgm32TIFatGHmrmpdNhJuKb2Q5gWDrQE+KH9hckjeBhnOEaU yCPxGEhLIyJ8YI/QRGgXamWEPcKnx9TarxTUyGHi8fWdIeMJHp2OcFhd1jEEz+RVRFd3 sF47GmD2hNHOjo7/Y0Dm6pTURPvC+keCGXJUlSycJBDaKYIMLUCb1Gom6dVilJQG8NNO KADg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UGzw1oL7AkJFZV9G+f88ZtdNqk8YLbmWiRiwg9jToyg=; b=fiqxRWG5gyO7WC6It/t+P5RPR5dZ1LXIC5ueVghwyN0w/BiZLw75+NuyebRnkkOQVb +GrG6jEMDWAy/KDERPFQlV09eVLvVNSuhnYFecuBjZNgv9GBaxtW305+IY/zgQdeqxYJ 6MA0SJbRB0EhKRNg33XiJ2ncPeEbLqvpCr+ohA5BKzz9FUHjO7NCcDzUKhCsWSKo2gNe e8n1u9Ye8uH1rAAsF0uFy1uIX9O3RdHLtyf1+ZgPkNjLnVGXV8I4dTXEuRIgCww/T/Nx tNL/LioHgWt+Dh5JrzfCkTlnFUJ7EnViRwACpuRelN1sjX+Zz3pIVcye2sL9DirHNfER Zcdg==
X-Gm-Message-State: APt69E0OpxG+c9DjqJ/sq4L1ryLoAnNLShJqdAg4XF40QVhOXiIqM+gZ OoByAgHa9yeB0WT6kwuOnI6QJhHL9b+JMfp3Hz7hGITNtrg=
X-Google-Smtp-Source: AAOMgpcWfZ3Laq8uRedovl9a9nq7zoczsSdiyNIg1fT3sRm5+wCu9Ey1oUvJJpefMJCHrlJLCnEAEvNMF+mJfQ7Z2VI=
X-Received: by 2002:a50:87d2:: with SMTP id 18-v6mr19699222edz.1.1530595041726; Mon, 02 Jul 2018 22:17:21 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a50:8f45:0:0:0:0:0 with HTTP; Mon, 2 Jul 2018 22:17:01 -0700 (PDT)
X-Originating-IP: [24.86.156.110]
In-Reply-To: <153054106529.16082.5456844530797164969.idtracker@ietfa.amsl.com>
References: <153054106529.16082.5456844530797164969.idtracker@ietfa.amsl.com>
From: Tim Bray <tbray@textuality.com>
Date: Mon, 02 Jul 2018 22:17:01 -0700
Message-ID: <CAHBU6iunrrZ6W1hQTWqx7ziEPdDMspt+mf6u0t6DVJn_rS04aQ@mail.gmail.com>
Subject: Re: Last Call: <draft-sahib-451-new-protocol-elements-01.txt> (New protocol elements for HTTP Status Code 451) to Informational RFC
To: IETF-Discussion Discussion <ietf@ietf.org>
Cc: IETF-Announce <ietf-announce@ietf.org>, draft-sahib-451-new-protocol-elements@ietf.org, Alexey Melnikov <alexey.melnikov@isode.com>
Content-Type: multipart/alternative; boundary="000000000000c1e6c10570116d46"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/_VzHB0uOxFjvl1LIsKKtUrnR3bc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jul 2018 05:17:28 -0000

I object to the publication of this draft in its current form. While I have
specific objections, my largest issue is that RFC7725, as it stands, is
carefully nonspecific as to the form and content of the legal issue that is
motivating the refusal of access, beyond saying that the receipt of a
“legal demand” has occurred.  451 can currently be used when denying access
in a wide variety of legal scenarios. I believe that this is serving a
useful purpose, and that imposing ex-post-facto fine tuning on what “legal
demand” can mean would yield no real benefit and exclude current behaviors
that have positive effect.  Put even shorter: RFC7725 is working as
intended.

Specific comments on the draft:

   1. Section 1: “This draft attempts to explicate the protocol
   recommendations arising out of that investigation.”  Perhaps it’s because
   I’ve been busy and not playing close attention, but issuing RFCs to
   “explicate the protocol recommendations” of other RFCs seems like an
   uncommon practice. Also, the word “explicate” sounds pretentions.
   2. Section 3, 1st bullet point. “A server can return status code 451 to
   indicate that it is denying access to a resource or multiple resources on
   account of a legal demand”  Q: Can a single instance of an HTTP status
   codes apply to multiple resources?  I’ve never used one that way, just
   wondering if it’s possible.
   3. Section 3, 1st bullet point. “the RFC's description does not make it
   clear that the resource being denied access to must be directly mentioned
   in the legal demand”. That's right, because such a specific limitation was
   never contemplated.
   4. Section 4, 1st bullet point: “HTTP 451 SHOULD NOT be used by an
   operator to deny access to a resource on the basis of a legal demand that
   is not specific to the requested resource.”  Why is this a good idea?  If I
   decide to respect a legal demand that I not give access to any resources
   that mention the existence of a certain person, or which are sourced from a
   subdomain of example.com, or from a server whose geographic location
   within the Vatican City, why should I not be able to use 451?  Maybe I’m
   missing something the author of the draft thinks is obvious, in which case
   an example of a “legal demand that is not specific to the requested
   resource” would be helpful.
   5. 2nd bullet point: “HTTP 451 SHOULD NOT be used by an operator to deny
   access to a resource on the basis of a policy specified by the operator (as
   opposed to a legal demand being placed on the operator).”  7725 already
   says that this is to be used in response to a “legal demand”, so what value
   would this change add.  For what it's worth, I'm OK with someone using 451
   in a case where the party is in fear of legal consequences even if they
   haven’t received that demand yet.
   6. 3rd bullet point. The proposal for a new rel=“blocking-authority”
   Link header seems reasonable.
   7. 4th bullet point. Is it actually true that 451 is being
   “increasingly” used in a geographic-block context?  I hadn’t observed that
   but could believe it given evidence.  Anyhow, the proposal for having the
   451 response body include a geographic-scope header might be helpful, but
   the draft is lacking details on the header syntax, which would reduce its
   usefulness for automated processing.
   8. I don’t really understand what Section 7 is for. How would it be
   helpful for implementors?  The assertion in 7.19 about the assumption
   behind the development of 7725 is unwarranted; RFCs say what they say, not
   what some external party thinks what they meant when they said it.



On Mon, Jul 2, 2018 at 7:17 AM, The IESG <iesg-secretary@ietf.org> wrote:

>
> The IESG has received a request from an individual submitter to consider
> the
> following document: - 'New protocol elements for HTTP Status Code 451'
>   <draft-sahib-451-new-protocol-elements-01.txt> as Informational RFC
>
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2018-07-30. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of
> the Subject line to allow automated sorting.
>
> Abstract
>
>
>    This draft recommends protocol updates to Hypertext Transfer Protocol
>    (HTTP) status code 451 (defined by RFC7725) based on an examination
>    of how the new status code is being used by parties involved in
>    denial of Internet resources because of legal demands.  Also included
>    is an analysis of HTTP 451 from a human rights perspective using
>    guidelines from RFC8280.
>
>    Discussion of this draft is at https://www.irtf.org/mailman/listinfo/
>    hrpc [1] and https://lists.ghserv.net/mailman/listinfo/statuscode451
>    [2].
>
>
>
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-sahib-451-new-protocol-elements/
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-sahib-451-new-
> protocol-elements/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
>
>
>
>


-- 
- Tim Bray (If you’d like to send me a private message, see
https://keybase.io/timbray)

v2.23.0 | Report a Bug | By Email