W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1995

Re: rethinking caching

From: Benjamin Franz <snowhare@netimages.com>
Date: Sat, 16 Dec 1995 08:41:56 -0800 (PST)
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.LNX.3.91.951216083311.2003A-100000@ns.viet.net>
On Sat, 16 Dec 1995, Koen Holtman wrote:

> 
>   Clients (including caching proxies) should disregard Location
>   headers in 2xx responses if they do not point to the same server
>   that generated the response.
> 
> This restriction still leaves you with a negotiation mechanism
> powerful enough to handle the French/English example.
> 
> Note that the above solution assumes that either the content providers
> on the same server either trust each other not to spoof, or that the
> server has some Location response header filtering mechanism that
> excludes spoofing.
> 

This is not a safe assumption. Numerous providers sell space to many 
independent people on single servers. For example: www.xmission.com 
serves on the order of 1000 independent entities, including many 
businesses and people, and allows CGI to be owned by the individuals. 
Clearly there is the opportunity for someone to spoof there under the 
rule. It is not significantly safer than unrestricted redirections when 
many (most?) people share common servers.

-- 
Benjamin Franz
Received on Saturday, 16 December 1995 08:34:08 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:37 EDT