- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Mon, 18 Dec 95 14:41:06 PST
- To: Shel Kaphan <sjk@amazon.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
I have added "Spoofing using Location headers (prevention thereof?)" to my list of issues for the caching subgroup, although this is not a commitment that we will actually solve the problem. I tend to agree with the view that this is not exactly a protocol design issue, but rather is a problem for people who are implementing shared web servers. No matter what criteria we put into the HTTP protocol, if www.webcondo.com has sold service to both "The Good Guys" and "The Bad Guys" without providing some security barriers between them, then nothing we can do in the protocol spec will solve everything. But it may be that we can include some recommendations that will improve security without significantly compromising performance. And some of these may be necessary to provide correct caching even without the threat of malicious behavior. -Jeff
Received on Monday, 18 December 1995 14:53:49 UTC