[NNTP] 502 and 503

Russ Allbery rra at stanford.edu
Tue Nov 30 19:57:07 PST 2004


Clive D W Feather <clive at demon.net> writes:

> The current definitions are:

> * If the server experiences an internal fault or problem that means it is
>   unable to carry out the command (for example, a necessary file is missing
>   or a necessary service could not be contacted), the response code 403 MUST
>   be returned.

> * If the server recognizes the command but does not provide an optional
>   feature (for example because it does not store the required information),
>   or only handles a subset of legitimate cases (see the HDR command for an
>   example), the response code 503 MUST be returned.

> * If the client is not authorized to use the specified facility when
>   the server is in its current state, then the appropriate one of the
>   following response codes MUST be used.
>   502: it is necessary to terminate the connection and start a new one with
>        the appropriate authority before the command can be used.

Ah, okay, I'd forgotten about 403, which we invented.  Hurm.  Okay.  We're
really changing a lot about error codes, but I think it's generally an
improvement and we've hashed this out before, so let's stick with what we
decided.

> Long ago we had a thread about the confusion between "something's broken"
> and "I don't do that", and decided that 403 was right for the former. So:
>> 503 is, for example, the return code that INN returns to AUTHINFO if it
>> can't fork an external authenticator, the return code that it returns to
>> LIST if the active file can't be found, or the return code that it returns
>> to DATE if localtime() fails.
> is wrong; these should all be 403s, because they indicate that the server
> will eventually sort the problem out and the client can't do anything to
> help.

Right.

> Given that, have we got the right definitions for 502 v 503, or do we need
> to revisit them? To me, the meanings are:
>   502: you made a wrong choice, disconnect and try again
>   503: I don't do that

I really don't want to describe 502 that way.  If, for example, you
connect to a public read-only server, POST is going to return 502 in the
common case because the server *supports* POST, it's just been configured
to deny that particular client access to the command.  But it's going to
keep returning 502 forever.

It's really:

  502: permission denied, at least in this mode
  503: command not supported

That being said, given the above explanation, I'm okay with IHAVE in
reader mode or POST in transit mode being 503.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
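
The 403 / 502 / 503 split discussed in this message, as an added example (not code from the thread, from INN, or from the draft). The Session model, the SUPPORTED table, the handlers and the order of the checks are assumptions made for illustration.

```python
from dataclasses import dataclass, field


class InternalFault(Exception):
    """Server-side breakage, e.g. a missing file or an unreachable service."""


@dataclass
class Session:
    mode: str                                   # "reader" or "transit" (constructed model)
    allowed: set = field(default_factory=set)   # commands this client may use


# Constructed table: commands each mode implements at all.
SUPPORTED = {
    "reader": {"POST", "LIST", "DATE"},
    "transit": {"IHAVE", "LIST", "DATE"},
}


def respond(session, command, handler):
    """Pick the response code for a recognized command.

    Assumed order: support first, then authorization, then execution.
    """
    if command not in SUPPORTED[session.mode]:
        return 503   # "command not supported" (IHAVE in reader mode)
    if command not in session.allowed:
        return 502   # "permission denied, at least in this mode"
    try:
        return handler()
    except InternalFault:
        return 403   # something is broken; the client can't do anything to help


def list_missing_active():
    # Hypothetical handler: LIST when the active file can't be found.
    raise InternalFault("active file not found")


def post_ok():
    # Hypothetical handler: POST accepted, server asks for the article (340).
    return 340


# Constructed sessions: a public read-only client and a posting client.
READ_ONLY = Session("reader", {"LIST", "DATE"})
POSTER = Session("reader", {"POST", "LIST", "DATE"})
```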


