W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2014

#444: Flushing Alt-Svc Cache

From: Mark Nottingham <mnot@mnot.net>
Date: Fri, 25 Apr 2014 10:34:18 +1000
Message-Id: <1B24B250-D7C8-4A57-8BFC-ABE7403EFD39@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>
<https://github.com/http2/http2-spec/issues/444>

> For the load balancing use case, it's necessary for clients to always flush altsvc cache upon a network change, but right now they're only required to examine the cache for suspicious entries. We should discuss whether this should be upgraded to always flush.

I think the logical proposal would be to change <http://http2.github.io/http2-spec/alt-svc.html#caching>

"""
To mitigate risks associated with caching compromised values (see Section 7.2 for details), user agents should examine cached alternative services when they detect a change in network configuration, and remove any that could be compromised (for example, those whose association with the trust root is questionable). UAs that do not have a means of detecting network changes should place an upper bound on their lifetime.
"""

to read:

"""
To mitigate risks associated with caching compromised values (see Section 7.2 for details), user agents should remove all cached alternative services when they detect a change in network configuration. UAs that do not have a means of detecting network changes should place an upper bound on their lifetime.
"""

Thoughts?


Cheers,

--
Mark Nottingham   http://www.mnot.net/
Received on Friday, 25 April 2014 00:33:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:30 UTC