W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1995

Re: rethinking caching

From: Jeffrey Mogul <mogul@pa.dec.com>
Date: Mon, 18 Dec 95 14:41:06 PST
Message-Id: <9512182241.AA19724@acetes.pa.dec.com>
To: Shel Kaphan <sjk@amazon.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
I have added "Spoofing using Location headers (prevention thereof?)"
to my list of issues for the caching subgroup, although this is not
a commitment that we will actually solve the problem.

I tend to agree with the view that this is not exactly a protocol
design issue, but rather is a problem for people who are implementing
shared web servers.  No matter what criteria we put into the HTTP
protocol, if www.webcondo.com has sold service to both "The Good Guys"
and "The Bad Guys" without providing some security barriers
between them, then nothing we can do in the protocol spec will
solve everything.

But it may be that we can include some recommendations that will
improve security without significantly compromising performance.
And some of these may be necessary to provide correct caching
even without the threat of malicious behavior.

-Jeff
Received on Monday, 18 December 1995 14:53:49 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:37 EDT