- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 9 Nov 2010 22:38:25 +1100
- To: Mike Kelly <mike@mykanjo.co.uk>
- Cc: Julian Reschke <julian.reschke@gmx.de>, nathan@webr3.org, HTTP Working Group <ietf-http-wg@w3.org>
It's a matter of degrees; the worst that can happen with invalidation is that there will be a cache miss. If a cache were to use C-L to satisfy future requests at that URL, it would allow cache poisoning. Cheers, On 09/11/2010, at 10:18 PM, Mike Kelly wrote: > Ok - how does that leave the cache invalidation rule for C-L and > Location? Do the same concerns over trust not apply? > > Cheers, > Mike > > On Tue, Nov 9, 2010 at 1:22 AM, Mark Nottingham <mnot@mnot.net> wrote: >> >> On 08/11/2010, at 3:33 AM, Mike Kelly wrote: >>> >>> Out of interest; has anyone explored the possibility of a specific >>> cache-control directive that could indicate that the cache conditions >>> apply to the Content-Location URI? >> >> >> The problem is one of trust; if you own http://example.com/~mike/a and I own http://example.com/~mark/b, you don't want my responses making asserting things about yours. >> >> What's interesting is that there's talk in a few different places (mostly security communities, e.g., WEBSEC and the W3C) about policy frameworks; this may provide something to hang these sorts of semantics off of as well. >> >> Cheers, >> >> -- >> Mark Nottingham http://www.mnot.net/ >> >> >> >> -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 9 November 2010 11:38:58 UTC