ietf-nntp Re: Last major open issue (48x return codes)

[Russ Allbery]

Clive D W Feather <clive at demon.net> writes:

> Okay, can you live with all (or even some) of the following?

> (1) We've already reserved x8x for authentication and authorization
> extensions; expand that to include "privacy".

That sounds fine.

> (2) Allow any existing command to return 48x to mean that such an
> extension is blocking the action. Possibly limit this to 48[0-3].

I'd rather not limit it, although I guess with the new 401 response we
potentially could.  If we do limit it, we could also exclude 481.

> (3) Go further, and recommend 480 for authentication, 483 for privacy,
> and 482 for authorization.

482 is already in use, and not for authorization.  It's an error message
for giving AUTHINFO PASS out of order (before AUTHINFO USER).  I'd rather
let it sit fallow for a while in an ideal world rather than reusing it
right away, even if, when we publish AUTHINFO, we're planning on changing
that error code (which I'm not opposed to, at least at first glance, and
is probably doable given the unlikelihood of the error in normal
operations).

> Query 2: will anyone scream if we change 483 to 481?]

481 is already in use for an authentication failure.  This is only in one,
fairly obscure location, but I think it's slightly better form to let it
sit fallow for a while rather than reusing it immediately.  

> (4) Provide 401 as a generic "you need to jump through a hoop" response
> for any hoops other than auth/auth/priv.

> (5) Recommend that the first word after 401 is the label of the extension
> that defines the hoop.

> (6) State that the MODE READER case SHOULD use 401, but historically uses
> 502.

Sure, I can live with that.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>