SRI is difficult to use in many of these cases. For example, at Facebook,
we often dynamically construct thumbnails of photos in order to avoid
having to store both high-res and low-res versions of a photo. We might
link you to /profilepics/64x64/4.jpg which is a 64x64 version of 4.jpg.
Since this file is computed on the fly, we don't know the hash of the file.
But we'd still like to serve it with a "static" tag so that it can avoid
situations.
-b
On Wed, Jul 15, 2015 at 6:28 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:
> On 15 July 2015 at 10:13, Guille -bisho- <bishillo@gmail.com> wrote:
> > If corruption is still a concern (not sure if it is because https will give
> > us better integrity guarantees), what about an optional checksum?
> > static=<type>:<hash> like static=SHA1:###... ?
>
>
> At that point you are reinventing SRI. Which suggests that SRI is a
> signal that user agents could use, and might be all that is necessary.
>