ietf-nntp 502 response

Russ Allbery rra at stanford.edu
Sun Mar 31 18:28:52 PST 2002 

Andrew Gierth <andrew at erlenstar.demon.co.uk> writes:
>>>>>> "Clive" == Clive D W Feather <clive at demon.net> writes:

>  >>>> on connect, or after a failed AUTHINFO exchange, nowhere else.
> 
>  Clive> Is that your server, or can you really speak for all common
>  Clive> servers ?
> 
> I have checked INN and the Diablo reader in addition to my own server.
> I can't speak for Typhoon or DNews (one known issue with Typhoon is
> that it does not close the connection after a 502 response to AUTHINFO)

INN returns 502 in response to ARTICLE (including HEAD, BODY, and STAT)
when retrieving by message ID if the article is in a newsgroup that the
client doesn't have permission to read.  It also returns 502 to the
ARTICLE, HEAD, BODY, STAT, NEXT, LAST, XOVER, XPAT, and XHDR commands if
the client doesn't have permission to read articles.

>  Clive> Hmm. We've documented 503 as "I don't support this and I don't
>  Clive> plan to".

> RFC 977 defined 503 as "program fault - command not performed". INN
> returns it for a number of unexpected error conditions (failure to
> initialise the storage manager, failure to execute the external
> authenticator, failure of some of the LIST commands due to missing
> files, etc.)

The current description of 502 looks correct to me.

I believe the following changes should be made to clarify when 502 is
appropriate and when 503 is appropriate:

Add to 4.1.1 after the paragraph explaining 403 and 503:

    If the server encounters an unexpected internal error that prevents
    it from completing a command, the response code 503 MAY be returned.

Does any server currently implement the 403 return status, or was that
introduced in our draft?  (INN doesn't; it uses 503 for temporary
errors.)

In 8.1.1, 502 should be changed to 503 (two places).

In 9.2.1.1, the description of the 502 responses should be changed to:

    502  Permission denied

(This is existing practice, so far as I can determine.)

In 9.2.1.2, the final example should either use a 503 response to indicate
that the service is unavailable, or should have the example changed to be
one where one is trying to access an article one does not have permission
to access.

Similar changes should be made for HEAD (in 9.2.2.1 and 9.2.2.2), for BODY
(in 9.2.3.1 and 9.2.3.2), and for STAT (in 9.2.4.1 and 9.2.4.2).

In 9.5.2.2, 502 should be changed to 503.

In 9.5.3.1.1, the description for 502 should be changed to:

    502  Permission denied

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the ietf-nntp mailing list