- From: Amos Jeffries <squid3@treenet.co.nz>
- Date: Sat, 21 Jun 2014 15:58:13 +1200
- To: ietf-http-wg@w3.org
On 21/06/2014 9:52 a.m., Martin Nilsson wrote: > On Fri, 20 Jun 2014 22:23:05 +0200, Julian Reschke wrote: > >> >> If the origin server say "no-transform", and the UA receives a >> transformed payload, that's non-conforming. I don't believe there's >> any wiggle room here. > > That depends on where you draw the line for the UA box. If you split the > browser into multiple processes, are they allowed to send different > representation of the data between each other? What if you move some > processes to different hosts? > > It also depends on what your view is on the authority over data. Should > the origin server overrule the user agents decision? If the user agent > explicitly asked for compressed data, should the origin server be > allowed to overrule that? Should no-transform defeat all network > security appliances? no-transform is also used in the medical industry to protect sensitive data. I wonder how many patients are getting wrong disgnosis due to compression artifacts in their scan result images when sent to medical experts via these services? I would hope none due to the medical IT departments due diligence on the services used. But one never knows when an idiot will appear. Amos
Received on Saturday, 21 June 2014 03:59:00 UTC