W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

no-transform & working group last call for -p1 et al

From: Eliot Lear <lear@cisco.com>
Date: Fri, 27 Sep 2013 14:13:57 +0200
Message-ID: <52457685.9040103@cisco.com>
To: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
The no-transform directive forever has said that proxies MUST NOT touch
payload. 

Situation:

Suppose there is malware on a web site and a proxy resides between the
client and server. 

Questions:

 1. Why would the malware distributor NOT want to issue the no-transform
    directive?  After all, they don't want their malware removed.
 2. Why would a proxy honor the directive, knowing that there is malware?


My point: I wonder if the MUST is a bit too strong or whether a caveat
should be added around this.  (Maybe there is such a caveat and I've
just missed it?)

Eliot
Received on Friday, 27 September 2013 12:14:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:15 UTC