Re: rethinking caching

Benjamin Franz:
>On Sun, 17 Dec 1995, Koen Holtman wrote:
>> Not that I expect many providers to implement such a filtering
>> mechanism, most would treat web spoofing like they treat news spamming
>> and mail forging now: forbid it in the terms of service agreement and
>> deal appropriately with any found violations.
>Ummmm...Considering the immense magnitude of both spamming and forging 
>today, this is not a convincing argument for leaving it to local option.

Hmm, forging does not happen that often AFAIK.  Anyway, the kind of
web spoofing we are talking about here does not have the same global
impact as spamming and forging: with the rule that 2xx Location
headers not pointing to the server that generated the response should
be ignored, this kind of web spoofing can only harm users that share
the host with the spoofer.

>The other route (local filtering) just places too much reliance on good
>security management at the local level.

As the impact of mismanagement would be limited to local content, I
have little problems with this reliance being placed.  Service
providers with security management lousy enough to allow prolonged web
spoofing will simply loose their customers and die.

>On large systems with thousands of customers with many special cases, it 
>would be a logistical nightmare even for experienced admins.

Not if the Location header filter is user-id based as described
before.  Experienced admins could create such a filter in a few hours,
if it is not already a standard option of future 1.1 http servers.

In other words, I don't share your pessimism.

>Benjamin Franz


Received on Monday, 18 December 1995 07:53:40 UTC