Re: dont-revalidate Cache-Control header

> On 15 Jul 2015, at 7:13 pm, Guille -bisho- <bishillo@gmail.com> wrote:
> 
> 
> On Tue, Jul 14, 2015 at 5:36 AM, Ben Maurer <ben.maurer@gmail.com> wrote:
> static
> 
> If corruption is still a concern (not sure if it is because https will give us better integrity guarantees), what about an optional checksum? static=<type>:<hash> like static=SHA1:###... ?
> 
> That could help preventing corruption for items that are going to stay in cache forever. It doesn't need to be mandatory neither on origin nor clients to validate it, but intermediate proxies/browsers can be more sure that the content they are storing is non-corrupted.

At the least, we should have language to the effect that this directive (however conveyed) is only valid if the response is complete, and connection close was NOT used to delimit the response.



--
Mark Nottingham   https://www.mnot.net/

Received on Thursday, 16 July 2015 09:26:16 UTC