- From: Eliot Lear <lear@cisco.com>
- Date: Fri, 27 Sep 2013 14:13:57 +0200
- To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Received on Friday, 27 September 2013 12:14:32 UTC
The no-transform directive forever has said that proxies MUST NOT touch
payload.
Situation:
Suppose there is malware on a web site and a proxy resides between the
client and server.
Questions:
1. Why would the malware distributor NOT want to issue the no-transform
directive? After all, they don't want their malware removed.
2. Why would a proxy honor the directive, knowing that there is malware?
My point: I wonder if the MUST is a bit too strong or whether a caveat
should be added around this. (Maybe there is such a caveat and I've
just missed it?)
Eliot
Received on Friday, 27 September 2013 12:14:32 UTC