W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2013

Re: How HTTP 2.0 mandatory security will actually reduce my personal security

From: Roberto Peon <grmocg@gmail.com>
Date: Fri, 15 Nov 2013 00:43:12 -0800
Message-ID: <CAP+FsNcpUMGDSzyWacSXPTq41x8E4di=5DOove+sv8SrtAM+qg@mail.gmail.com>
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Bruce Perens <bruce@perens.com>, HTTP Working Group <ietf-http-wg@w3.org>
Cache-control isn't rich enough to express this yet.
The mechanism itself is less interesting than figuring out the set of
caching policy primitives-- once that exists, and once a backwards
compatible way of specifying how to access such resources from a standard
HTML page exists (new schemes probably don't/won't work), then we're ready
to roll!
-=R


On Fri, Nov 15, 2013 at 12:39 AM, Julian Reschke <julian.reschke@gmx.de>wrote:

> On 2013-11-15 09:00, Roberto Peon wrote:
>
>> There is explicitly an option for unencrypted HTTP/2, but not over the
>> "open" internet, since that is known/provent to be unreliable.
>>
>> And in my personal opinion, HTTP is a poor mechanism for cached content:
>> it allows for a very limited distribution model and (amongst other
>> things) doesn't adequately differentiate between resources that should
>> be public, but verifiably unmodified, and private resources.
>>
> > ...
>
> Cache-Control?
>
> Best regards, Julian
>
Received on Friday, 15 November 2013 08:43:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:11:19 UTC