Network Working Group S. Sahib Internet-Draft August 01, 2018 Intended status: Informational Expires: February 2, 2019 New protocol elements for HTTP Status Code 451 draft-sahib-451-new-protocol-elements-03 Abstract This document recommends additional protocol elements to Hypertext Transfer Protocol (HTTP) status code 451 (defined by RFC7725). Discussion of this document was conducted on the Human Rights Protocol Considerations Research Group mailing list https://www.irtf.org/mailman/listinfo/hrpc [1], briefly on the HTTPBIS Working Group mailing list ietf-http-wg@w3.org [2] and on https://lists.ghserv.net/mailman/listinfo/statuscode451 [3]. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on February 2, 2019. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Sahib Expires February 2, 2019 [Page 1] Internet-Draft New elements for HTTP 451 August 2018 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. New Protocol Elements . . . . . . . . . . . . . . . . . . . . 2 2.1. Blocking Authority . . . . . . . . . . . . . . . . . . . 2 2.2. Geographical Scope of Block . . . . . . . . . . . . . . . 3 3. Security Considerations . . . . . . . . . . . . . . . . . . . 3 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 3 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 3 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4 6.1. Normative References . . . . . . . . . . . . . . . . . . 4 6.2. Informative References . . . . . . . . . . . . . . . . . 4 6.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction [RFC7725] was standardized by the IETF in February 2016. It defined HTTP status code 451 - to be used when "a server operator has received a legal demand to deny access to a resource or to a set of resources". This document attempts to outline protocol recommendations that would help make the status code more useful to users. 2. New Protocol Elements 2.1. Blocking Authority An HTTP response with status code 451 should include a "Link" HTTP header field [RFC8288] which has a "rel" parameter whose value is "blocking-authority", in addition to the "blocked-by" header specified in [RFC7725]. It's important to distinguish between the implementer of the block, and the authority that mandated the block in the first place [ERRATA_ID-5181]. This is because these two organizations might not be the same - a government (the blocking authority) could force an Internet Service Provider (the implementer of the block) to deny access to a certain resource. Both provide essential information about the legal block. Sahib Expires February 2, 2019 [Page 2] Internet-Draft New elements for HTTP 451 August 2018 2.2. Geographical Scope of Block HTTP status code 451 is increasingly being used to deny access to resources based on geographical location. The response should contain a provisional header named "geo-scope-block" that specifies the countries in which a resource is blocked. This scope should correspond to a comma-separated list of alpha-2 country codes defined in [ISO.3166-1]. The rationale for keeping the geographical scope to country-level granularity is that most blocks are mandated by national governments [IMPL_REPORT], [AUTOMATTIC_COUNTRY_BLOCK_LIST]. 3. Security Considerations This document does not add additional security considerations to [RFC7725]. 4. IANA Considerations The Link Relation Type Registry should be updated with the following entry: - Relation Name: blocking-authority - Description: Identifies the authority that has issued the block. - Reference: this document In addition, IANA should be updated with the following provisional header: - Header field name: geo-scope-block - Applicable protocol: http - Status: provisional - Specification document(s): this document Acknowledgements Thanks to Alp Toker, Niels ten Oever, Stephane Bortzmeyer, Corinne Cath, Christine Runnegar, and many others on the HRPC mailing list (linked above) for reviewing and brainstorming. Sahib Expires February 2, 2019 [Page 3] Internet-Draft New elements for HTTP 451 August 2018 6. References 6.1. Normative References [ERRATA_ID-5181] Bortzmeyer, S., "[Technical Errata Reported] RFC7725 (5181)", 2017, . [ISO.3166-1] International Organization for Standardization, "Codes for the representation of names of countries and their subdivisions - Part 1: Country code", ISO Standard 3166- 1:1997 , 1997. [RFC7725] Bray, T., "An HTTP Status Code to Report Legal Obstacles", RFC 7725, DOI 10.17487/RFC7725, February 2016, . [RFC8288] Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, October 2017, . 6.2. Informative References [AUTOMATTIC_COUNTRY_BLOCK_LIST] "Automattic - Country Block List", 2018, . [IMPL_REPORT] Abraham, S., Canales, MP., Hall, J., Khrustaleva, O., ten Oever, N., Runnegar, C., and S. Sahib, "Implementation Report for HTTP Status Code 451", 2017, . 6.3. URIs [1] https://www.irtf.org/mailman/listinfo/hrpc [2] mailto:ietf-http-wg@w3.org [3] https://lists.ghserv.net/mailman/listinfo/statuscode451 Author's Address Shivan Kaul Sahib EMail: shivankaulsahib@gmail.com Sahib Expires February 2, 2019 [Page 4]