- From: Shel Kaphan <sjk@amazon.com>
- Date: Mon, 18 Dec 1995 15:09:27 -0800
- To: Jeffrey Mogul <mogul@pa.dec.com>
- Cc: Shel Kaphan <sjk@amazon.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Jeffrey Mogul writes: > I have added "Spoofing using Location headers (prevention thereof?)" > to my list of issues for the caching subgroup, although this is not > a commitment that we will actually solve the problem. > > I tend to agree with the view that this is not exactly a protocol > design issue, but rather is a problem for people who are implementing > shared web servers. No matter what criteria we put into the HTTP > protocol, if www.webcondo.com has sold service to both "The Good Guys" > and "The Bad Guys" without providing some security barriers > between them, then nothing we can do in the protocol spec will > solve everything. > > But it may be that we can include some recommendations that will > improve security without significantly compromising performance. > And some of these may be necessary to provide correct caching > even without the threat of malicious behavior. > > -Jeff I agree that this is not exactly a protocol design issue. However, there are a number of aspects to caching that are not exactly part of the communication protocol. Larry Masinter wondered (though I think it might have been just to me) whether we shouldn't consider doing a separate I-D to cover caching, presumably to address the kinds of issues that are not strictly part of the communication protocol, but that need to be, or at least would be far better off being, nailed down in any case. But we can talk about this after the caching sub-wg gets going. --Shel
Received on Monday, 18 December 1995 15:21:20 UTC