W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: ID for Immutable

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Fri, 28 Oct 2016 13:21:57 -0400
Message-ID: <CAOdDvNqTabR3zpRgjJVkBPdBVcOboCbG=5b6x+mKauwB1-w=Pw@mail.gmail.com>
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Patrick McManus <pmcmanus@mozilla.com>
I do believe the lack of integrity protection in plaintext transfer is an
important security consideration for immutable that suggests they should
not be used together. I'm open to other wording on it for sure.. https://
might be sufficient here.





On Fri, Oct 28, 2016 at 12:50 PM, Alex Rousskov <
rousskov@measurement-factory.com> wrote:

> On 10/26/2016 03:02 PM, Patrick McManus wrote:
>
> >    o  Clients should ignore immutable for resources that are not part of
> >       a secure context [SECURECONTEXTS].
>
> Please think of the children^H^H^H^H proxies. AFAICT, "secure contexts"
> are currently a user agent concept. If the above "should" is meant to be
> a "SHOULD", then the draft automatically disqualifies most proxies from
> legally utilizing this promising "ignore reload" mechanism.
>
>
> Thank you,
>
> Alex.
>
>
Received on Friday, 28 October 2016 17:22:26 UTC

This archive was generated by hypermail 2.3.1 : Friday, 28 October 2016 17:22:28 UTC