ietf-nntp Response code issues

Russ Allbery rra at stanford.edu
Sun Mar 16 22:32:23 PST 2003 

3.1. Response Codes

  While the part about the server not producing any other responses to a
  client other than the ones documented in the protocol if the client
  doesn't use extensions is a very good one, and one we should keep, 480
  responses need to be an exception to this for historical reasons.  I
  don't think we want to make this standard depend on the separate
  authentication draft, but it might be worth noting that here so that
  when we standardize authentication, it doesn't surprise people.

  I'm not sure of the best wording here, though.  Putting 480 into this
  document as a generic response code doesn't seem particularly clean.
  Maybe we can except x8x codes from this rule, but still require that the
  language down in the discussion of extensions apply (namely that the
  only documents allowed to change the return status of existing commands
  are standards-track ones)?

3.1.1. Generic Response Codes

  INN doesn't use 403 at all.  I have no opinion on whether we should keep
  it or not.  I don't know of any servers that use it and Andrew's summary
  of response codes also doesn't mention it, so I'm inclined to drop it
  and go with the proposed alternate text.

  503 should be used for "the requested information is not present or
  available," I think.  I don't really understand how LIST EXTENSIONS
  could provoke such a situation, so I have no problem with removing that
  response from LIST EXTENSIONS.  That would make the HDR and LIST uses
  consistant, and I think that's enough to make it generic (two completely
  different classes of commands, plus we want future extensions to use it
  as well).  If we eliminate 403 and remove 503 from LIST EXTENSIONS, that
  should clear up the confusion.

  I don't understand 401 at all.  INN doesn't use this, and it's not in
  RFC 977.  Does anyone know of any server that uses this?  Otherwise, I
  propose dropping it for the reasons that you state; it's confusing what
  it actually means and doesn't seem useful.

3.1.1.1. Examples

  I'm a little worried about the example used for a restricted facility,
  since it could give people the idea that 502 should prompt
  authentication, when 502 is generally means either a permanent failure
  or that the client needs to issue MODE READER.  A 480 response would be
  returned if authentication would help.  This isn't a major issue;
  there's nothing actually *wrong* with the example.  It just might be
  misleading.  A better example might be trying to use POST, getting 502,
  and then issuing MODE READER, since that's the sort of situation that
  actually happens with real servers.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the ietf-nntp mailing list