- From: Mark Nottingham <mnot@mnot.net>
- Date: Thu, 13 Feb 2014 10:18:51 +1100
- To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
- Cc: "William Chan (???)" <willchan@chromium.org>, Peter Lepeska <bizzbyster@gmail.com>, Frode Kileng <frodek@tele.no>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 12 Feb 2014, at 8:33 pm, Nicolas Mailhot <nicolas.mailhot@laposte.net> wrote:

>
> On Wed 12 February 2014 05:52, Mark Nottingham wrote:
>
>> I think the security properties of that scheme are becoming well
>> understood, and they are effective within certain bounds. They may not
>> allow a proxy to "add value", but that isn't a necessary condition for
>> every new addition to the Web, surely?
>
> It's not a case of adding value. It's a case of getting the ecosystem to work
> well. If you add a measure to fight cache poisoning, but forget to take
> proxy caches into account, you have users, browser authors and site
> authors complain that "the proxy broke the web site" when its cache gets
> poisoned because the other actors forgot to inform it of the security hash
> (and do not forget that some proxies are deployed explicitly to perform
> such security checks!)

If you're concerned about that use case, I'd suggest you join that list and propose a mechanism (e.g., a request header that the client can use to convey the hash it expects -- but there are DoS implications, etc. there too). They're quite open to suggestions in my experience.

<http://www.w3.org/2011/webappsec/>

Cheers,

--
Mark Nottingham   http://www.mnot.net/

Received on Wednesday, 12 February 2014 23:19:24 UTC