W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: ID for Immutable

From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Date: Sat, 29 Oct 2016 09:44:09 +0300 (EEST)
To: HTTP working group mailing list <ietf-http-wg@w3.org>, Patrick McManus <pmcmanus@mozilla.com>
CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
Message-Id: <20161029064409.A1B081106E@welho-filter1.welho.com>
> I do believe the lack of integrity protection in plaintext transfer is an
> important security consideration for immutable that suggests they should
> not be used together. I'm open to other wording on it for sure.. https://
> might be sufficient here.


I suspect that corruption (truncation most likely) happens then
between TLS termination (TLS ofloading, for example load balancer)
and web server.

Yes, reloading with conditional request does not help here either.

(And if load balancer caches this then any reloading probably
 does not help here. Specially if request cache-control
 header is ignored. )

/ Kari Hurtta

 
Received on Saturday, 29 October 2016 06:44:43 UTC

This archive was generated by hypermail 2.3.1 : Saturday, 29 October 2016 06:44:47 UTC