Re: dont-revalidate Cache-Control header from Martin Thomson on 2015-07-15 (ietf-http-wg@w3.org from July to September 2015)

From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 15 Jul 2015 10:28:59 -0700
To: Guille -bisho- <bishillo@gmail.com>
Cc: Ben Maurer <ben.maurer@gmail.com>, Mark Nottingham <mnot@mnot.net>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CABkgnnU0+X4eEMoUtwn=rmU5nOWfTYcQxsFwOKJixN0upFOh3Q@mail.gmail.com>

On 15 July 2015 at 10:13, Guille -bisho- <bishillo@gmail.com> wrote:
> If corruption is still a concern (not sure if it is because https will give
> us better integrity guarantees), what about an optional checksum?
> static=<type>:<hash> like static=SHA1:###... ?

At that point you are reinventing SRI.  Which suggests that SRI is a
signal that user agents could use, and might be all that is necessary.

Received on Wednesday, 15 July 2015 17:29:26 UTC