Re: How HTTP 2.0 mandatory security will actually reduce my personal security

Cache-control isn't rich enough to express this yet.
The mechanism itself is less interesting than figuring out the set of
caching policy primitives-- once that exists, and once a backwards
compatible way of specifying how to access such resources from a standard
HTML page exists (new schemes probably don't/won't work), then we're ready
to roll!

On Fri, Nov 15, 2013 at 12:39 AM, Julian Reschke <>wrote:

> On 2013-11-15 09:00, Roberto Peon wrote:
>> There is explicitly an option for unencrypted HTTP/2, but not over the
>> "open" internet, since that is known/provent to be unreliable.
>> And in my personal opinion, HTTP is a poor mechanism for cached content:
>> it allows for a very limited distribution model and (amongst other
>> things) doesn't adequately differentiate between resources that should
>> be public, but verifiably unmodified, and private resources.
> > ...
> Cache-Control?
> Best regards, Julian

Received on Friday, 15 November 2013 08:43:39 UTC