- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Fri, 29 Jul 2016 23:40:21 +1200
- To: ietf-http-wg@w3.org

On 29/07/2016 11:07 p.m., Mark Nottingham wrote:
> On 29 Jul 2016, at 9:50 AM, Amos Jeffries wrote:
>>
>> On 28/07/2016 6:30 p.m., Poul-Henning Kamp wrote:
>>> --------
>>> In message <em51dddd7f-de76-4e87-abcb-0f315b115499@bodybag>, "Adrien de Croy" writes:
>>>
>>>> The problem with deferring headers in responses to after content, is
>>>> that proxies often make policy decisions based on response headers, and
>>>> therefore need these to be all up front.
>>>>
>>>> Trailers for this reason are also a problem
>>>
>>> We talked about this in the workshop, and yes, trailers *in general*
>>> is a problem, but the specific trailers people care about are not.
>>>
>>> The trailers people ask for, as far as I understood:
>>>
>>> Etag
>>>
>>> Set-cookie
>>>
>>> Cache-Control(/Expires/Age)
>>>
>>> They are *not* a problem.
>>>
>>
>> Technically true. But those last three are exceedingly annoying if
>> pushed into Trailers. Verging on being an outright attack. Since we
>> reserve cache space and do a lot of storage activity before finding out
>> whether it's actually not cacheable after all. Usually something else
>> potentially useful got discarded to make room for it as well.
>
> Trailer: ETag would probably be a good hint about that...
>

By the last three I was meaning "Cache-Control(/Expires/Age)" in PHK's list.

Taking a second thought about it there are also some hidden security
considerations around potentially storing the reply to non-volatile
storage when a 'Cache-Control:no-store' is deferred to Trailers.

Amos

Received on Friday, 29 July 2016 11:41:06 UTC
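
An added example, not part of the original message and not Squid's code: a sketch of how a cache could treat the `Trailer` header as a hint, as suggested in the thread, and keep a response body off non-volatile storage until deferred Cache-Control/Expires/Age fields have arrived. The function names, the return labels and the sample responses are assumptions made for illustration.

```python
# Added example: hypothetical cache admission logic (names are assumptions).
DEFERRABLE = {"cache-control", "expires", "age"}  # the fields named in the thread


def field_values(fields, name):
    """All comma-separated values of field `name` (case-insensitive).

    Simplification: quoted strings containing commas are not handled.
    """
    out = []
    for key, value in fields:
        if key.lower() == name:
            out += [p.strip().lower() for p in value.split(",") if p.strip()]
    return out


def admit(headers, trailers):
    """Return (where_body_was_buffered, final_action) for one response.

    `headers` and `trailers` are lists of (name, value) pairs; the trailers
    only become visible after the whole body has been received.
    """
    if "no-store" in field_values(headers, "cache-control"):
        return ("none", "bypass")  # known up front: nothing is ever stored
    announced = set(field_values(headers, "trailer"))
    # Trailer header as a hint: hold the body in volatile memory until the
    # deferred caching fields have actually been seen.
    buffered = "memory" if announced & DEFERRABLE else "disk"
    if "no-store" in field_values(trailers, "cache-control"):
        # With "disk", the body reached non-volatile storage before the
        # directive arrived, so it has to be purged after the fact.
        return (buffered, "discard" if buffered == "memory" else "purge")
    return (buffered, "commit")


# Constructed sample responses: (label, headers, trailers)
SAMPLES = [
    ("no-store up front", [("Cache-Control", "no-store")], []),
    ("announced, deferred no-store",
     [("Trailer", "Cache-Control")], [("Cache-Control", "no-store")]),
    ("unannounced, deferred no-store", [], [("Cache-Control", "no-store")]),
    ("announced Expires, cacheable",
     [("Trailer", "Expires")], [("Expires", "Sat, 30 Jul 2016 00:00:00 GMT")]),
]

if __name__ == "__main__":
    for label, hdrs, trls in SAMPLES:
        print(f"{label}: {admit(hdrs, trls)}")
```

The third sample is the case raised in the message: without an announcement, the reply is already on disk when `no-store` arrives.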