[Ballot comment]
Robert and Adrian made already the point in the COMMENTs - if backwards compatibility is not a prblem it would be good to be explicit why - i.e. describe or refer to text that describes what happens at the reception of an unknown status code.

[Ballot comment]
This Comment does not quite merit a Discuss, but I hope the authors will think about whether they can address it.

I would have liked to see some discussion of backward compatibility. Obviously, legacy implementations may receive these new codes in the normal course of affairs. I am sure that default behavior for unknown codes is described somewhere, so one line of text with a reference will cover the default case. However, this document appears to define some mandatory behavior for nodes that see the new codes -  it would be good to show how this is consistent with legacy implementations.

[Ballot comment]
It would help to call out why these codes can be deployed into the existing base without disruption (existing implementations treat unknown messages in a class as the x00 in that class - RFC2616 6.1.1) and explain how the restrictions on not caching these responses are related to RFC2616 13.4.

Given the potential consequence called out for including a login interface in a 511 at the end of section 6.1, I'm surprised this language is "may not be desirable". Why isn't this SHOULD NOT?

[Ballot comment]
The term substrate protocol is not a term I have seen in the lower layers of the net. Perhaps the authors should provide a reference to a definition of the term.

[Ballot comment]
You might note that the 511 code doesn't help to avoid the
problem of an intercepting proxy having to fake out the
X.509 certificate of the user's target server. (I don't mind
if you don't add that.)

Please also continue the discussion started from Steve
Hanna's secdir review. [1] I believe some of those changes
are agreed but not yet made, while others are still being
discussed.

  [1] https://www.ietf.org/ibin/c5i?mid=6&rid=48&gid=0&k1=933&k3=10932&tid=1327720307

[Ballot comment]
Section 3:

  Responses using this status code SHOULD explain how to resubmit the
  request successfully.  For example:

The SHOULD seems a little overdone. There's no protocol interoperability issue here AFAICT. Perhaps just, "The body of the response is used for an explanation of how to resubmit the request successfully." Or just lowercase the should.

Section 4:

  The response representations SHOULD include details explaining the
  condition, and MAY include a Retry-After header indicating how long
  to wait before making a new request.

Same issue as above, for both the SHOULD and the MAY. Also, I'm not sure I know what a "response representation" is. Term of art?

Section 5:

  ...the response representation SHOULD specify which header
  field was too large.

Same issue as above.

Section 6:

  The response representation SHOULD indicate how to do this; e.g.,
  with an HTML form for submitting credentials.

Similar issue to the above, however made a bit stranger by the text in 6.1:

  Note that the 511 response can itself contain the login interface,
  but it may not be desirable to do so, because browsers would show the
  login interface as being associated with the originally requested
  URL, which may cause confusion.

Those two seem to conflict.

IANA understands that, upon approval of this document, there is a single
IANA action which needs to be completed.

In the Hypertext Transfer Protocol (HTTP) Status Code Registry located at:

http://www.iana.org/assignments/http-status-codes

the following four values will be added to the registry as follows:

Registry Value: 428
Description: Precondition Required
Reference: [ RFC-to-be ]

Registry Value: 429
Description: Too Many Requests
Reference: [ this document ]

Registry Value: 431
Description: Request Header Fields Too Large
Reference: [ this document ]

Registry Value: 511
Description: Network Authentication Required
Reference: [ this document ]

IANA understands that this is the only IANA action required upon
approval of this document.

State changed to In Last Call from Last Call Requested.

The following Last Call Announcement was sent out:

From: The IESG
To: IETF-Announce
Reply-To: ietf@ietf.org
Subject: Last Call:  (Additional HTTP Status Codes) to Proposed Standard


The IESG has received a request from an individual submitter to consider
the following document:
- 'Additional HTTP Status Codes'
  as a Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2012-01-13. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document specifies additional HyperText Transfer Protocol (HTTP)
  status codes for a variety of common situations.

Editorial Note (To be removed by RFC Editor before publication)

  Distribution of this document is unlimited.  Although this is not a
  work item of the HTTPbis Working Group, comments should be sent to
  the Hypertext Transfer Protocol (HTTP) mailing list at
  ietf-http-wg@w3.org [1], which may be joined by sending a message
  with subject "subscribe" to ietf-http-wg-request@w3.org [2].

  Discussions of the HTTPbis Working Group are archived at
  .




The file can be obtained via
http://datatracker.ietf.org/doc/draft-nottingham-http-new-status/

IESG discussion can be tracked via
http://datatracker.ietf.org/doc/draft-nottingham-http-new-status/


No IPR declarations have been submitted directly on this I-D.

Writeup from Julian Reschke.

###

  (1.a) Who is the Document Shepherd for this document? Has the
        Document Shepherd personally reviewed this version of the document
        and, in particular, does he or she believe this version is ready
        for forwarding to the IESG for publication?

The Shepherd is me, Julian Reschke.

I have reviewed the document, and I believe is is ready for publication.

  (1.b) Has the document had adequate review both from key members of
        the interested community and others? Does the Document Shepherd
        have any concerns about the depth or breadth of the reviews that
        have been performed?

The document has gotten significant review on the HTTPbis WG's mailing list.

  (1.c) Does the Document Shepherd have concerns that the document
        needs more review from a particular or broader perspective, e.g.,
        security, operational complexity, someone familiar with AAA,
        internationalization or XML?

No, I don't think additional review is needed.

  (1.d) Does the Document Shepherd have any specific concerns or
        issues with this document that the Responsible Area Director
        and/or the IESG should be aware of? For example, perhaps he or
        she is uncomfortable with certain parts of the document, or has
        concerns whether there really is a need for it. In any event, if
        the interested community has discussed those issues and has
        indicated that it still wishes to advance the document, detail
        those concerns here.

No concerns.

  (1.e) How solid is the consensus of the interested community behind
        this document? Does it represent the strong concurrence of a few
        individuals, with others being silent, or does the interested
        community as a whole understand and agree with it?

It has strong consensus among those who participated in developing and
reviewing it.

  (1.f) Has anyone threatened an appeal or otherwise indicated extreme
        discontent? If so, please summarise the areas of conflict in
        separate email messages to the Responsible Area Director. (It
        should be in a separate email because this questionnaire is
        entered into the ID Tracker.)

No extreme discontent was voiced.

  (1.g) Has the Document Shepherd personally verified that the
        document satisfies all ID nits? (See the Internet-Drafts Checklist
        and http://tools.ietf.org/tools/idnits/). Boilerplate checks are not
        enough; this check needs to be thorough. Has the document met all
        formal review criteria it needs to, such as the MIB Doctor, media
        type and URI type reviews?

Nits have been verified. There is one warning:

  -- The draft header indicates that this document updates RFC2616, but the
    abstract doesn't seem to mention this, which it should.

which should be addressed by explaining why the update clause is there
(it's a requirement of the current status code registry procedure).

  (1.h) Has the document split its references into normative and
        informative? Are there normative references to documents that are
        not ready for advancement or are otherwise in an unclear state?
        If such normative references exist, what is the strategy for their
        completion? Are there normative references that are downward
        references, as described in [RFC3967]? If so, list these downward
        references to support the Area Director in the Last Call procedure
        for them [RFC3967].

The references have been checked and are split into Normative/Informative.

  (1.i) Has the Document Shepherd verified that the document IANA
        consideration section exists and is consistent with the body of
        the document? If the document specifies protocol extensions, are
        reservations requested in appropriate IANA registries? Are the
        IANA registries clearly identified? If the document creates a new
        registry, does it define the proposed initial contents of the
        registry and an allocation procedure for future registrations?
        Does it suggested a reasonable name for the new registry? See
        [I-D.narten-iana-considerations-rfc2434bis]. If the document
        describes an Expert Review process has Shepherd conferred with the
        Responsible Area Director so that the IESG can appoint the needed
        Expert during the IESG Evaluation?

IANA considerations are present and ok.

  (1.j) Has the Document Shepherd verified that sections of the
        document that are written in a formal language, such as XML code,
        BNF rules, MIB definitions, etc., validate correctly in an
        automated checker?

There was nothing to check.

  (1.k) The IESG approval announcement includes a Document
        Announcement Write-Up. Please provide such a Document
        Announcement Writeup? Recent examples can be found in the
        "Action" announcements for approved documents. The approval
        announcement contains the following sections:

    Technical Summary

        This document specifies additional HyperText Transfer Protocol (HTTP)
        status codes for a variety of common situations.

    Working Group Summary

        This document was discussed in HTTPbis, but not adopted as WG
        document due to the constrained Working Group Charter.

        There was some disagreement about the choice of stataus code classes
        (4xx vs 5xx), but in the end a choice needed to be made and all
        involved participants seem to be ok with the choice.

    Document Quality

        New HTTP status codes can be easily deployed because of the HTTP's
        defined fallback behavior (e.g., 4xx is interpreted as 400 when
        unknown). As such, there is no interoperability concern here as
        servers can start using these codes without having to wait for specific
        client implementations.

###