Re: rethinking caching

Jeffrey Mogul writes:
 > I have added "Spoofing using Location headers (prevention thereof?)"
 > to my list of issues for the caching subgroup, although this is not
 > a commitment that we will actually solve the problem.
 > I tend to agree with the view that this is not exactly a protocol
 > design issue, but rather is a problem for people who are implementing
 > shared web servers.  No matter what criteria we put into the HTTP
 > protocol, if has sold service to both "The Good Guys"
 > and "The Bad Guys" without providing some security barriers
 > between them, then nothing we can do in the protocol spec will
 > solve everything.
 > But it may be that we can include some recommendations that will
 > improve security without significantly compromising performance.
 > And some of these may be necessary to provide correct caching
 > even without the threat of malicious behavior.
 > -Jeff

I agree that this is not exactly a protocol design issue.  However,
there are a number of aspects to caching that are not exactly part of
the communication protocol.  Larry Masinter wondered (though I think
it might have been just to me) whether we shouldn't consider doing a
separate I-D to cover caching, presumably to address the kinds of
issues that are not strictly part of the communication protocol, but
that need to be, or at least would be far better off being, nailed
down in any case.

But we can talk about this after the caching sub-wg gets going.


Received on Monday, 18 December 1995 15:21:20 UTC