ietf-nntp Last major open issue (48x return codes)

Russ Allbery rra at stanford.edu
Sun Sep 7 18:36:40 PDT 2003 

Apart from the UTF-8 issues (which I think should now be cleared up
because the new UTF-8 RFC was approved), this is the last open issue in
draft-19:

   If the client is not authorized to use the specified facility when
   the server is in its current state, then either the response code 480
   or the response code 502 MUST be returned. The response code 480
   SHOULD be used if a different command (for example, an extension used
   to present credentials) might change the server state so that the
   command is permitted. The response code 502 SHOULD be used if the
   server wishes to indicate that it is necessary to terminate the
   connection and start a new one with the appropriate authority before
   the command can be used. Since it is not always possible to clearly
   distinguish these two cases, a server MAY issue either of these
   response codes for either case. (Note that the server MUST NOT close
   the TCP connection immediately after a 502 response except at the
   initial connection (Section 5.1) and with the MODE READER (Section
   5.2) command.)

   OUTSTANDING ISSUE

      This isn't a complete solution to the 480 issue; what about the
      TLS extension, which uses 483 to mean "you need encryption".
      Should 480 be used for other than "you need authentication"? What
      code should be used to mean "can't do AUTH until after MODE
      READER"?

      Do we need a more generic mechanism for "you must invoke extension
      X to do Y"?

      The best proposal made so far is that all 48x codes, if returned
      from an existing command, mean "unavailable unless some
      authentication or privacy extension is invoked". Does this tie in
      with the issue of permitting existing commands not listed in an
      extension?

      I asked if anyone used 48x with *existing commands* to mean other
      than "you are missing a privacy or authentication extension".
      Effectively the answer is "no".

This is particularly confusing, since there are at least three different
states.  One is that the command is not allowed and never will be allowed
on this connection.  The second is that the command is not allowed but
will be allowed (possibly after authentication as a subcase) after issuing
a MODE READER command.  The third is that the command is not allowed but
will be after authentication (without an intervening MODE READER).

I think that we're all agreed that the appropriate response for the first
case is 502 and the appropriate response for the third case is 480.  The
main questions are what to do about the second case, and what to do when
the required extension isn't authentication but is instead a privacy
layer.

For the latter question, I think reserving 48x codes to mean that a
command is unavailable unless some authentication or privacy extension is
invoked is the best approach.

For the former question, of what to do about the case where a command is
not allowed but may be allowed after issuing MODE READER, I'm not quite
sure what to do.  I'm leaning towards 502 as the closest to the intended
semantics, since 48x indicates that the client should try to autenticate
or build a privacy layer, which won't actually help.  MODE READER is
neither.

Introducing a new status code, the most unambiguous option, seems like
overkill for a "feature" that we're recommending against anyway.

The implication that 502 might be permanent likely won't be a problem in
practice since in practice nearly all clients issue MODE READER
immediately after connecting if that's what they want to do.

Does anyone have any objections to the above approach?  I'd like to
resolve this issue, get another draft out, and go to last call.  I think
we're ready to kick this out the door.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

More information about the ietf-nntp mailing list