[NNTP] 502 and 503
Russ Allbery
rra at stanford.edu
Tue Nov 30 19:57:07 PST 2004

Clive D W Feather <clive at demon.net> writes:

> The current definitions are:
>
> * If the server experiences an internal fault or problem that means it is
> unable to carry out the command (for example, a necessary file is missing
> or a necessary service could not be contacted), the response code 403 MUST
> be returned.
> * If the server recognizes the command but does not provide an optional
> feature (for example because it does not store the required information),
> or only handles a subset of legitimate cases (see the HDR command for an
> example), the response code 503 MUST be returned.
> * If the client is not authorized to use the specified facility when
> the server is in its current state, then the appropriate one of the
> following response codes MUST be used.
> 502: it is necessary to terminate the connection and start a new one with
> the appropriate authority before the command can be used.

Ah, okay, I'd forgotten about 403, which we invented. Hurm. Okay. We're
really changing a lot about error codes, but I think it's generally an
improvement and we've hashed this out before, so let's stick with what we
decided.

> Long ago we had a thread about the confusion between "something's broken"
> and "I don't do that", and decided that 403 was right for the former. So:

>> 503 is, for example, the return code that INN returns to AUTHINFO if it
>> can't fork an external authenticator, the return code that it returns to
>> LIST if the active file can't be found, or the return code that it returns
>> to DATE if localtime() fails.

> is wrong; these should all be 403s, because they indicate that the server
> will eventually sort the problem out and the client can't do anything to
> help.

Right.

> Given that, have we got the right definitions for 502 v 503, or do we need
> to revisit them? To me, the meanings are:
> 502: you made a wrong choice, disconnect and try again
> 503: I don't do that

I really don't want to describe 502 that way. If, for example, you
connect to a public read-only server, POST is going to return 502 in the
common case because the server *supports* POST, it's just been configured
to deny that particular client access to the command. But it's going to
keep returning 502 forever.

It's really:

502: permission denied, at least in this mode
503: command not supported

That being said, given the above explanation, I'm okay with IHAVE in
reader mode or POST in transit mode being 503.

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
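
The 403 / 502 / 503 split settled on in this message, as an added example that is not part of the original post and not INN code. The `Server` class, `MODE_COMMANDS` table, `SUCCESS` value and `InternalFault` exception are hypothetical names, and the per-mode command sets are a constructed configuration.

```python
from dataclasses import dataclass, field

SUCCESS = 0  # placeholder for "command worked"; not a real NNTP code

# Constructed sample configuration: commands each mode provides.
MODE_COMMANDS = {
    "reader": {"LIST", "DATE", "POST"},
    "transit": {"LIST", "DATE", "IHAVE"},
}


class InternalFault(Exception):
    """Server-side problem the client cannot fix (missing file, failed fork)."""


@dataclass
class Server:
    mode: str
    active_file_present: bool = True
    # Commands this client has been denied by server configuration.
    denied: set = field(default_factory=set)

    def _run(self, command):
        # Stand-in for real command handlers; only LIST can fail here.
        if command == "LIST" and not self.active_file_present:
            raise InternalFault("active file not found")
        return SUCCESS

    def respond(self, command):
        """Pick the status code for a recognized command."""
        # "I don't do that": the command is not provided in this mode,
        # e.g. IHAVE in reader mode or POST in transit mode.
        if command not in MODE_COMMANDS[self.mode]:
            return 503
        # Supported, but this client is configured out of it, e.g. POST
        # on a public read-only server. Retrying will not change this.
        if command in self.denied:
            return 502
        try:
            return self._run(command)
        except InternalFault:
            # "Something's broken": the server has to sort it out and
            # the client cannot do anything to help.
            return 403
```

A client can use the same split to decide its reaction: back off and retry on 403, stop using the command on 503, and treat 502 as an authorization outcome rather than a transient error.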