Hi all,
This draft was created so as to make HTTP 451 more useful for:
- web platforms and websites that get legal requests to take down content
- researchers who are interested in using the code to get more information about content takedown
The recommended "updates" are a result of talking to parties from both groups. The reference IMPL_REPORT_DRAFT is the report of an investigation into how HTTP 451 is being used currently (I'll update the draft to make it an informative reference and reduce mention of it).
- Section 7 (human rights implications of HTTP 451) was added to show the use of RFC8280's recommendations to examine a protocol that has human rights impacts. At this stage of the process, however, it makes sense that it is removed and perhaps published as a separate draft.
- The draft was discussed in the Human Rights Protocol Considerations (HRPC) Research Group (as noted in the Abstract) and also briefly in the HTTP WG.
- Regarding specificity of "legal demand": RFC 7725 opens with:
"This document specifies a Hypertext Transfer Protocol (HTTP) status
code for use when a server operator has received a legal demand to
deny access to a resource or to a set of resources that includes the
requested resource."
HTTP 451 is being used to block users who reside in the European Union by websites that are not GDPR-compliant. There is no real "legal demand to deny access" to the resource. The examples given by Tim ("any resources that mention the existence of a certain person", etc) are all fine, as they actually relate to the resource being denied.
Perhaps this is splitting hairs. However, in talking to server operators actually implementing this status code, confusion leads to them not using the status code when it would be beneficial (to users, to researchers) for them to use it. If we think that the status code should be used for compliance with *any law whatsoever*, even if the law doesn't actually demand that the resource be taken down, then perhaps making that clear would be helpful for people seeking to use the status code.
But Mark's point about this draft being "new protocol elements" and not "an update to the RFC" makes sense. I will remove this point.
- Agreed about the "policy specified by the operator" point not adding much. Updated.
- For "blocking-authority": Ideally this would link to a legal notice that clearly mentions the blocking authority.
- Both "blocking-authority" and "geo-scope-block" are SHOULDs because the draft is recommending elements. If there are good reasons for not having these links (e.g. the specific government/court does not allow it) then it's fine to not have them - some information about a block is better than none (404). The original "blocked-by" is also a SHOULD.
- geo-scope-block was kept deliberately simple and limited to country-codes so as to not make matters too complicated for web platforms seeking to do the right thing by giving more information about a block. The IMPL_REPORT_DRAFT reference provides some evidence of country-based blocking. Also see https://transparency.automattic.com/country-block-list/. Other major web platforms such as Reddit and GitHub similarly are forced to block subreddits and repos in certain countries.
- Updated draft to provide less context and highlight the proposed elements more.
Thanks,
Shivan
On Tue, Jul 3, 2018 at 7:51 AM, Patrick McManus <pmcmanus@xxxxxxxxxxx> wrote:
From an HTTP pov: new response headers, such as the proposed geo-scope-block, would really benefit from a more rigorous syntax than is provided here.. see: sections 2 and 3 of https://httpwg.org/http-extensions/draft-ietf-httpbis-variants.html#variants for how a current wg draft does it. Also, its composition of a list of country codes should probably be a MUST as Tim hints.
Tim's concerns resonate with me as questions a WG really should debate and reach rough consensus on rather than this being an AD sponsored doc (especially as it's a de facto update of a standards track document by an informational one). I'm not sure which WG - httpbis did not have a critical mass of interest in this in the past.
-Patrick
On Mon, Jul 2, 2018 at 10:17 AM, The IESG <iesg-secretary@xxxxxxxx> wrote:
The IESG has received a request from an individual submitter to consider the
following document: - 'New protocol elements for HTTP Status Code 451'
<draft-sahib-451-new-protocol-elements-01.txt> as Informational RFC
The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2018-07-30. Exceptionally, comments may be
sent to iesg@xxxxxxxx instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.
Abstract
This draft recommends protocol updates to Hypertext Transfer Protocol
(HTTP) status code 451 (defined by RFC7725) based on an examination
of how the new status code is being used by parties involved in
denial of Internet resources because of legal demands. Also included
is an analysis of HTTP 451 from a human rights perspective using
guidelines from RFC8280.
Discussion of this draft is at https://www.irtf.org/mailman/listinfo/hrpc [1] and
https://lists.ghserv.net/mailman/listinfo/statuscode451 [2].
The file can be obtained via
https://datatracker.ietf.org/doc/draft-sahib-451-new-protocol-elements/
IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-sahib-451-new-protocol-elements/ballot/
No IPR declarations have been submitted directly on this I-D.