[NNTP] 502 and 503

Clive D.W. Feather clive at demon.net
Thu Nov 18 01:00:26 PST 2004


This started as a debate about what the correct code is for a command
that's not supported in the current server mode (e.g. IHAVE after MODE
READER, or ARTICLE on a transit-only server).

Russ Allbery said:
> I think what's making me leery is that, prior to our document, 503 meant
> "something went wrong in processing your command that was probably
> transient."  This is a somewhat more permanent error than what people have
> been using 503 to mean in the past.
> 
> 503 is, for example, the return code that INN returns to AUTHINFO if it
> can't fork an external authenticator, the return code that it returns to
> LIST if the active file can't be found, or the return code that it returns
> to DATE if localtime() fails.

>> 502 doesn't make sense, because it implies that reconnecting can give
>> you the appropriate authority.
> 
> I'm not sure why it would imply that.  502 means "permission denied"; it
> is certainly entirely reasonable for that state to be permanent for that
> client.  For example, a read-only reader server is going to return 502 to
> POST from now until the end of time, and reconnecting all you want won't
> help.

The current definitions are:

* If the server experiences an internal fault or problem that means it is
  unable to carry out the command (for example, a necessary file is missing
  or a necessary service could not be contacted), the response code 403 MUST
  be returned.

* If the server recognizes the command but does not provide an optional
  feature (for example because it does not store the required information),
  or only handles a subset of legitimate cases (see the HDR command for an
  example), the response code 503 MUST be returned.

* If the client is not authorized to use the specified facility when
  the server is in its current state, then the appropriate one of the
  following response codes MUST be used.
  502: it is necessary to terminate the connection and start a new one with
       the appropriate authority before the command can be used.

Long ago we had a thread about the confusion between "something's broken"
and "I don't do that", and decided that 403 was right for the former. So:
> 503 is, for example, the return code that INN returns to AUTHINFO if it
> can't fork an external authenticator, the return code that it returns to
> LIST if the active file can't be found, or the return code that it returns
> to DATE if localtime() fails.
is wrong; these should all be 403s, because they indicate that the server
will eventually sort the problem out and the client can't do anything to
help.

Given that, have we got the right definitions for 502 v 503, or do we need
to revisit them? To me, the meanings are:
  502: you made a wrong choice, disconnect and try again
  503: I don't do that

-- 
Clive D.W. Feather  | Work:  <clive at demon.net>   | Tel:    +44 20 8495 6138
Internet Expert     | Home:  <clive at davros.org>  | Fax:    +44 870 051 9937
Demon Internet      | WWW: http://www.davros.org | Mobile: +44 7973 377646
Thus plc            |                            |
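
The following is an added example, not part of the original post or of any NNTP implementation: a client-side sketch that acts on 403, 502 and 503 according to the meanings given in the message above. The action labels, the Session class and the sample response texts are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Client reaction per code, following the meanings stated in the message.
# The action names are this example's own labels (assumption).
ACTIONS = {
    403: "retry_later",   # server-side fault; the client can't do anything to help
    502: "reconnect",     # start a new connection with the appropriate authority
    503: "unsupported",   # "I don't do that"
}
STATUS_RE = re.compile(r"^([0-9]{3})(?: (.*))?$")


def parse_status(line: bytes) -> tuple[int, str]:
    """Parse one CRLF-terminated NNTP status line into (code, text)."""
    if not line.endswith(b"\r\n"):
        raise ValueError("status line not CRLF-terminated")
    m = STATUS_RE.match(line[:-2].decode("utf-8", errors="replace"))
    if m is None:
        raise ValueError("malformed status line")
    return int(m.group(1)), m.group(2) or ""


@dataclass
class Session:
    """Remembers, for one connection, commands the server answered with 503."""
    unsupported: set[str] = field(default_factory=set)

    def should_send(self, command: str) -> bool:
        return command.upper() not in self.unsupported

    def handle(self, command: str, line: bytes) -> str:
        code, _text = parse_status(line)
        action = ACTIONS.get(code, "other")  # codes outside this discussion
        if action == "unsupported":
            # Do not resend on this connection; a 403 stays retryable.
            self.unsupported.add(command.upper())
        return action


# Constructed sample responses (texts are made up for this example).
SAMPLE = [
    ("LIST", b"403 active file unavailable\r\n"),
    ("POST", b"502 permission denied\r\n"),
    ("HDR", b"503 header not stored\r\n"),
]

if __name__ == "__main__":
    s = Session()
    for cmd, resp in SAMPLE:
        print(cmd, "->", s.handle(cmd, resp), "| resend ok:", s.should_send(cmd))
```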



More information about the ietf-nntp mailing list