IETF Logo Mail Archive

Re: Last Call: <draft-sahib-451-new-protocol-elements-01.txt> (New protocol elements for HTTP Status Code 451) to Informational RFC

Barry Leiba <barryleiba@computer.org> Wed, 04 July 2018 06:34 UTC

Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF751130DD7; Tue, 3 Jul 2018 23:34:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UWhT6i7Jf3Ut; Tue, 3 Jul 2018 23:34:04 -0700 (PDT)
Received: from mail-qk0-x242.google.com (mail-qk0-x242.google.com [IPv6:2607:f8b0:400d:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEE5F130EB4; Tue, 3 Jul 2018 23:34:03 -0700 (PDT)
Received: by mail-qk0-x242.google.com with SMTP id t79-v6so2342319qke.4; Tue, 03 Jul 2018 23:34:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-transfer-encoding; bh=t5HcBriMnpRUzOKl5t5LrrKMOIHu0fySV8yJhY4M+ks=; b=ala3pM6iU0hMnaCKIm+aQ35zD0OmLe/jPXS7zXCvE24ujrPYwVLUly8nRC0DK0Ltqk hTQyuLDZ64CZNiKoUM8AVP06jPAF9mFRMzXtox98Y6etWM8ORucBVMSf8GHTPBLqU2cW FfEWsGRUw2W2F+ivHaRuKx0OyRJ5GJuIXaQkhoWkjdylQyWqBhvgJHj8tz3mI5PMpxrj yX1zL1FYwT16JE/GMiTKHi8rkpEOXJgMgyJ+24+hwsNQxs+PYYvJm3qRiDlBnz7BVo17 4+ufbG1Y6TPMfMhcnZL6u0j1FoyCXpEShTAcYgpC32gs/USbc5mVyAF0cPICu8lnGo1k tpEQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-transfer-encoding; bh=t5HcBriMnpRUzOKl5t5LrrKMOIHu0fySV8yJhY4M+ks=; b=oqk4RajC3dde3/PqwTeLOMJN/K+gkECQqD2HekrJXIcjo9NHYLWBwSyY1PIbjUioY1 V9V5aOrpIbVptQmO1g6EGETNPse1q/Tu3NoC5dqce3XsIn5U0+ESqSFOnGGNfJwfUJvn 1kVmBc6cv92vzIwY6ok9A0/LnwsHKCs2+jThRQmjvdQrKVQ8TM0mEUqGexA+oNi/Lowx ivJ712VqKsFiaeXww5p3sgC8UEw6avM6r5tCjmU3lQNOHc+khKaY2QTaOQcI2Rmbnrh1 Va28Ie7fuBOfCWA6uIvfEy050cpObXSJaqah6DVN1uQVreqFPhUhEAOVatKWpoRq4QjS 210Q==
X-Gm-Message-State: APt69E1jfD931tGlZuFBfxfj0SCP8usghXQyzGC2nWAPpE0q1KDZaTmR dRQZ9H7EPbO1zhx05W9v4vmZNn4q594YtzRDdWc=
X-Google-Smtp-Source: AAOMgpeT75YjziM/ii5GigpowdwVtvYGaei1khHEd7kaojj0tW2lw8qE26EecJxlAVoGJJ+1nNXPjQPdgU9f6Z/JDGg=
X-Received: by 2002:a37:8786:: with SMTP id j128-v6mr550360qkd.32.1530686042897; Tue, 03 Jul 2018 23:34:02 -0700 (PDT)
MIME-Version: 1.0
Sender: barryleiba.mailing.lists@gmail.com
Received: by 2002:ac8:244d:0:0:0:0:0 with HTTP; Tue, 3 Jul 2018 23:34:02 -0700 (PDT)
In-Reply-To: <CAHBU6iunrrZ6W1hQTWqx7ziEPdDMspt+mf6u0t6DVJn_rS04aQ@mail.gmail.com>
References: <153054106529.16082.5456844530797164969.idtracker@ietfa.amsl.com> <CAHBU6iunrrZ6W1hQTWqx7ziEPdDMspt+mf6u0t6DVJn_rS04aQ@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 04 Jul 2018 15:34:02 +0900
X-Google-Sender-Auth: SEOjripKY4tmNYJShvbfh3K5Tf0
Message-ID: <CAC4RtVCmJTSPVnzHLHcQbU=8=Zh6ooc31euv3KeAmjJhJEYPaA@mail.gmail.com>
Subject: Re: Last Call: <draft-sahib-451-new-protocol-elements-01.txt> (New protocol elements for HTTP Status Code 451) to Informational RFC
To: Tim Bray <tbray@textuality.com>
Cc: IETF-Discussion Discussion <ietf@ietf.org>, draft-sahib-451-new-protocol-elements@ietf.org, Alexey Melnikov <alexey.melnikov@isode.com>, IETF-Announce <ietf-announce@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/aceGP4Gf4lVxKYqusi9BynHiwjE>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jul 2018 06:34:06 -0000

I have to agree with Tim here.  I'll note that 7725 was also going to
be AD-sponsored (by me), but ultimately went to HTTPbis.  It had a
*lot* of discussion in the process, and I did not agree to sponsor it
at first.  It was more than three years in the making.

I think it's a bad idea to AD-sponsor this attempt at updating it.  I
also think a major strong point of 7725 is that what it specifies is
simple and very general, and does *not* try to specify details of what
"legal restrictions" means, or what kinds of legal issues are
appropriate.

Please do not send this to the IESG.  I would much rather see this not
published, and to leave 7725 as it stands, with the community
consensus that it has.

Barry

On Tue, Jul 3, 2018 at 1:17 AM, Tim Bray <tbray@textuality.com> wrote:
> I object to the publication of this draft in its current form. While I have
> specific objections, my largest issue is that RFC7725, as it stands, is
> carefully nonspecific as to the form and content of the legal issue that is
> motivating the refusal of access, beyond saying that the receipt of a “legal
> demand” has occurred.  451 can currently be used when denying access in a
> wide variety of legal scenarios. I believe that this is serving a useful
> purpose, and that imposing ex-post-facto fine tuning on what “legal demand”
> can mean would yield no real benefit and exclude current behaviors that have
> positive effect.  Put even shorter: RFC7725 is working as intended.
>
> Specific comments on the draft:
>
> Section 1: “This draft attempts to explicate the protocol recommendations
> arising out of that investigation.”  Perhaps it’s because I’ve been busy and
> not playing close attention, but issuing RFCs to “explicate the protocol
> recommendations” of other RFCs seems like an uncommon practice. Also, the
> word “explicate” sounds pretentions.
> Section 3, 1st bullet point. “A server can return status code 451 to
> indicate that it is denying access to a resource or multiple resources on
> account of a legal demand”  Q: Can a single instance of an HTTP status codes
> apply to multiple resources?  I’ve never used one that way, just wondering
> if it’s possible.
> Section 3, 1st bullet point. “the RFC's description does not make it clear
> that the resource being denied access to must be directly mentioned in the
> legal demand”. That's right, because such a specific limitation was never
> contemplated.
> Section 4, 1st bullet point: “HTTP 451 SHOULD NOT be used by an operator to
> deny access to a resource on the basis of a legal demand that is not
> specific to the requested resource.”  Why is this a good idea?  If I decide
> to respect a legal demand that I not give access to any resources that
> mention the existence of a certain person, or which are sourced from a
> subdomain of example.com, or from a server whose geographic location within
> the Vatican City, why should I not be able to use 451?  Maybe I’m missing
> something the author of the draft thinks is obvious, in which case an
> example of a “legal demand that is not specific to the requested resource”
> would be helpful.
> 2nd bullet point: “HTTP 451 SHOULD NOT be used by an operator to deny access
> to a resource on the basis of a policy specified by the operator (as opposed
> to a legal demand being placed on the operator).”  7725 already says that
> this is to be used in response to a “legal demand”, so what value would this
> change add.  For what it's worth, I'm OK with someone using 451 in a case
> where the party is in fear of legal consequences even if they haven’t
> received that demand yet.
> 3rd bullet point. The proposal for a new rel=“blocking-authority” Link
> header seems reasonable.
> 4th bullet point. Is it actually true that 451 is being “increasingly” used
> in a geographic-block context?  I hadn’t observed that but could believe it
> given evidence.  Anyhow, the proposal for having the 451 response body
> include a geographic-scope header might be helpful, but the draft is lacking
> details on the header syntax, which would reduce its usefulness for
> automated processing.
> I don’t really understand what Section 7 is for. How would it be helpful for
> implementors?  The assertion in 7.19 about the assumption behind the
> development of 7725 is unwarranted; RFCs say what they say, not what some
> external party thinks what they meant when they said it.
>
>
>
> On Mon, Jul 2, 2018 at 7:17 AM, The IESG <iesg-secretary@ietf.org> wrote:
>>
>>
>> The IESG has received a request from an individual submitter to consider
>> the
>> following document: - 'New protocol elements for HTTP Status Code 451'
>>   <draft-sahib-451-new-protocol-elements-01.txt> as Informational RFC
>>
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final
>> comments on this action. Please send substantive comments to the
>> ietf@ietf.org mailing lists by 2018-07-30. Exceptionally, comments may be
>> sent to iesg@ietf.org instead. In either case, please retain the beginning
>> of
>> the Subject line to allow automated sorting.
>>
>> Abstract
>>
>>
>>    This draft recommends protocol updates to Hypertext Transfer Protocol
>>    (HTTP) status code 451 (defined by RFC7725) based on an examination
>>    of how the new status code is being used by parties involved in
>>    denial of Internet resources because of legal demands.  Also included
>>    is an analysis of HTTP 451 from a human rights perspective using
>>    guidelines from RFC8280.
>>
>>    Discussion of this draft is at https://www.irtf.org/mailman/listinfo/
>>    hrpc [1] and https://lists.ghserv.net/mailman/listinfo/statuscode451
>>    [2].
>>
>>
>>
>>
>> The file can be obtained via
>> https://datatracker.ietf.org/doc/draft-sahib-451-new-protocol-elements/
>>
>> IESG discussion can be tracked via
>>
>> https://datatracker.ietf.org/doc/draft-sahib-451-new-protocol-elements/ballot/
>>
>>
>> No IPR declarations have been submitted directly on this I-D.
>>
>>
>>
>>
>
>
>
> --
> - Tim Bray (If you’d like to send me a private message, see
> https://keybase.io/timbray)

v2.23.0 | Report a Bug | By Email