W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2016

Re: ID for Immutable

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 30 Oct 2016 16:15:20 +1300
To: ietf-http-wg@w3.org
Message-ID: <c31c706c-1873-8143-8728-8c4888c37f4b@treenet.co.nz>
On 29/10/2016 6:21 a.m., Patrick McManus wrote:
> I do believe the lack of integrity protection in plaintext transfer is an
> important security consideration for immutable that suggests they should
> not be used together. I'm open to other wording on it for sure.. https://
> might be sufficient here.
> 

Since the behaviour which 'immutable' is defining is already optionally
followed by any cache implementation in both insecure and secure
contexts. There is no additional security considerations being added by
this option.

The security considerations around corrupt objects being considered
"fresh" applies to HTTP caching in general, not just immutable objects.

The issues that are being pointed out are real, but apply equally for
secure and for insecure contexts already today without immutable being
involved. I dont see any need to distinguish between contexts in this
draft, nor to prohibit 'insecure' contexts from having immutable objects.


To back this; Squid has for a very long time had a configuration control
which enables admin to mark specific URL as having this same immutable
behaviour. It is one of the more popular ones and used in the 'insecure
context'.

AFAIK, the only issue which has come to light in all that time that can
be attributed to this control is that objects changing faster than what
the admin was aware (or their stated expiry time) had to be manually
refreshed from the client end (if anyone actually cared). Moving the
control point from proxy config to origin server avoids that issue.

Amos
Received on Sunday, 30 October 2016 03:16:08 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 30 October 2016 03:16:10 UTC