ietf-nntp Re: Last major open issue (48x return codes)

Clive D.W. Feather clive at demon.net
Thu Oct 2 22:31:04 PDT 2003 

Russ Allbery said:
>>>>    401: the client must change the state of the connection in some other
>>>>       manner. The first argument of the response SHOULD be the
>>>>       extension-label (see Section 8) of the extension that provides the
>>>>       necessary mechanism.

> It's a brand new return code so we can require anything we want.  I think
> MUST is correct.

Okay.

>>> Probably then we'd need to do at least one of these:
>>>     - provide a special first parameter that means "no specific extension
>>>       is related, please display this string to the user"
>> "-" seems the obvious choice (you can't have dash in extension-labels).
> Why would you return 401 in this situation rather than just returning 502?

Because ...
dammit, you're right. If there's a way to change the state through an
extension (even one specific to that server), the extension name can be
reported. If there isn't, then 401 is the wrong code.

> > What I actually meant was, is there such a thing as a *generic*
> > "authorization extension" that justifies its own 48x *generic* response
> > and which justifies the use of the word in the description of x8x
> > responses?
> 
> Yeah, I can't think of any.  Authorization is not something the client
> does; it's something the server does.  All that a client can do is
> establish its identity, and then authorization decisions are made by the
> server.
> 
> I suppose that something like sending a client certificate that shows
> delegated authority would be something of a grey area, but I still
> consider that to be more authentication and decisions the server makes
> based on that information to be the real authorization event.
> 
> I can't see how commands for authorization independent of authentication
> would be meaningful.

Okay, I'll take that bit of the wording out.

Looks like this topic is done and dusted.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | *** NOTE CHANGE ***
Demon Internet      | WWW: http://www.davros.org | Fax:    +44 870 051 9937
Thus plc            |                            | Mobile: +44 7973 377646

More information about the ietf-nntp mailing list