Re: rethinking caching

On Sat, 16 Dec 1995, Koen Holtman wrote:

>   Clients (including caching proxies) should disregard Location
>   headers in 2xx responses if they do not point to the same server
>   that generated the response.
> This restriction still leaves you with a negotiation mechanism
> powerful enough to handle the French/English example.
> Note that the above solution assumes that either the content providers
> on the same server either trust each other not to spoof, or that the
> server has some Location response header filtering mechanism that
> excludes spoofing.

This is not a safe assumption. Numerous providers sell space to many 
independent people on single servers. For example: 
serves on the order of 1000 independent entities, including many 
businesses and people, and allows CGI to be owned by the individuals. 
Clearly there is the opportunity for someone to spoof there under the 
rule. It is not significantly safer than unrestricted redirections when 
many (most?) people share common servers.

Benjamin Franz

Received on Saturday, 16 December 1995 08:34:08 UTC