ietf-nntp Response code issues
Russ Allbery
rra at stanford.edu
Sun Mar 16 22:32:23 PST 2003
3.1. Response Codes
While the part about the server not producing any other responses to a
client other than the ones documented in the protocol if the client
doesn't use extensions is a very good one, and one we should keep, 480
responses need to be an exception to this for historical reasons. I
don't think we want to make this standard depend on the separate
authentication draft, but it might be worth noting that here so that
when we standardize authentication, it doesn't surprise people.
I'm not sure of the best wording here, though. Putting 480 into this
document as a generic response code doesn't seem particularly clean.
Maybe we can except x8x codes from this rule, but still require that the
language down in the discussion of extensions apply (namely that the
only documents allowed to change the return status of existing commands
are standards-track ones)?
3.1.1. Generic Response Codes
INN doesn't use 403 at all. I have no opinion on whether we should keep
it or not. I don't know of any servers that use it and Andrew's summary
of response codes also doesn't mention it, so I'm inclined to drop it
and go with the proposed alternate text.
503 should be used for "the requested information is not present or
available," I think. I don't really understand how LIST EXTENSIONS
could provoke such a situation, so I have no problem with removing that
response from LIST EXTENSIONS. That would make the HDR and LIST uses
consistant, and I think that's enough to make it generic (two completely
different classes of commands, plus we want future extensions to use it
as well). If we eliminate 403 and remove 503 from LIST EXTENSIONS, that
should clear up the confusion.
I don't understand 401 at all. INN doesn't use this, and it's not in
RFC 977. Does anyone know of any server that uses this? Otherwise, I
propose dropping it for the reasons that you state; it's confusing what
it actually means and doesn't seem useful.
3.1.1.1. Examples
I'm a little worried about the example used for a restricted facility,
since it could give people the idea that 502 should prompt
authentication, when 502 is generally means either a permanent failure
or that the client needs to issue MODE READER. A 480 response would be
returned if authentication would help. This isn't a major issue;
there's nothing actually *wrong* with the example. It just might be
misleading. A better example might be trying to use POST, getting 502,
and then issuing MODE READER, since that's the sort of situation that
actually happens with real servers.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the ietf-nntp
mailing list