- From: Yves Lafon <notifications@github.com>
- Date: Tue, 22 Oct 2019 05:57:14 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 22 October 2019 12:57:18 UTC
The resource decides it doesn't want extra traffic by giving cache information, the decision to track/identify the end-used is only a browser issue, and inflicting the burden of extra traffic to solve a browser internal issue is not really fair. What would any bandwidth-saving scheme (revalidation only, which is already extra traffic / caching retrieval time and fake delay which doesn't add traffic) leak information back to the server? After all the server already got information that client A visited already, the issue is disclosing information to another server via timing attack on retrieval. For the deduplication, I agree it is implementation dependent and doesn't need to be in the specification. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/424#issuecomment-544948825
Received on Tuesday, 22 October 2019 12:57:18 UTC