Re: [Acme] Minor fix for JWS signature algorithms

On 30 November 2016 at 15:52, Richard Barnes wrote: > So, dear HTTP editor, which code should we use? No need to be facetious :) I was agreeing with Ted, if that wasn't clear. 400 is your grab bag for "requests you don't like". 403 is generally used for cases where authentication

Re: [Acme] Minor fix for JWS signature algorithms

So, dear HTTP editor, which code should we use? On Nov 29, 2016 8:09 PM, "Martin Thomson" wrote: > On 30 November 2016 at 09:38, Ted Hardie wrote: > > That's a lot of different bike sheds covered with the same paint. Maybe > > that uniformity is

Re: [Acme] Minor fix for JWS signature algorithms

Taking a look at this, I wonder a bit if we are not over-using 403. At the moment we use 403 and a reason for pre-auth failure, ToS failure, and now for algorithm signature mismatch. That's a lot of different bike sheds covered with the same paint. Maybe that uniformity is good, but , especially