[NNTP] [2504] Response code for "need MODE READER first"

Clive D.W. Feather clive at demon.net
Thu Dec 2 01:56:51 PST 2004 

Russ Allbery said:
>> Issue: if MODE READER remains significant, what response code is used
>> for "you can't do this until you've issued MODE READER"? The historical
>> answer is 502. We added 401 in draft as "you need to invoke this feature
>> first" and this seems cleaner. On the other hand, clients are going to
>> have to be prepared for 502 anyway.

> Both 502 and 401 have arguments in favor of them -- 401 is a lot clearer,
> but 502 is what everything already does and we're discouraging people from
> requiring MODE READER anyway, even if we're keeping it.

This points towards 502 for this circumstance. I think I'm leaning towards
this as well, but I won't do it until you tell me to.

> I think I lean
> slightly towards removing the 401 code, since this is the only thing that
> uses it right now.  I wasn't very happy with it in the first place; I
> would rather have explicit codes for the few commands that will need this
> kind of thing.  But I don't feel very strongly about this.

We still need the 401 code. The reason for it, in case it's slipped your
mind, is that some future extension may need a way to say to a core
command "you can't do this until you've invoked this extension". If each
such extension could invent its own code, clients wouldn't know what to do;
in any case, we EXPLICITLY banned extensions from altering the core
protocol until the client invokes them.

So we needed at least one "an extension needs to be invoked" response. We
decided to give authentication and privacy explicit codes, since there
mighe be more than one extension of these types and because they are clear
and separate concepts, but we still need a catch-all for other future
cases.

Here's a somewhat contrived example. Suppose that a server extension allows
for "paid-for" articles, using a micropayment system. The extension needs a
way to say "you need to pay for this article". So:

    [C] GROUP local.reports
    [S] 211 3 1001 1003 local.reports
    [C] ARTICLE 1001
    [S] 220 1001 <free.report.1001 at example.com>
    [article contents omitted]
    [S] .
    [C] ARTICLE 1002
    [S] 401 XPAYMENT This article costs EUR 0.25
    [C] XPAY MAX=EUR0.50 micropayment.token ARTICLE 1002
    [S] 220 1002 <paid.report.1002 at example.com>
    [article contents omitted]
    [S] .
    [C] ARTICLE 1003
    [S] 401 XPAYMENT This article costs EUR 5.00
    [C] XPAY MAX=EUR0.50 micropayment.token ARTICLE 1002
    [S] 491 price not met

("micropayment.token" would be replaced by the actual token, of course).

The point of the 401 response is that it is a core response and so can be
used in the above situation where - to that point - the client had done
nothing to indicate it knows anything about the XPAYMENT extension.

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | Fax:    +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc            |                            |

More information about the ietf-nntp mailing list