Re: Concepts to improve Http2.0

On 29/07/2016 11:07 p.m., Mark Nottingham wrote:
> On 29 Jul 2016, at 9:50 AM, Amos Jeffries wrote:
>> On 28/07/2016 6:30 p.m., Poul-Henning Kamp wrote:
>>> --------
>>> In message <em51dddd7f-de76-4e87-abcb-0f315b115499@bodybag>, "Adrien de Croy" writes:
>>>> The problem with deferring headers in responses to after content, is
>>>> that proxies often make policy decisions based on response headers, and
>>>> therefore need these to be all up front.
>>>> Trailers for this reason are also a problem
>>> We talked about this in the workshop, and yes, trailers *in general*
>>> are a problem, but the specific trailers people care about are not.
>>> The trailers people ask for, as far as I understood:
>>> 	Etag
>>> 	Set-cookie
>>> 	Cache-Control(/Expires/Age)
>>> They are *not* a problem.
>> Technically true. But those last three are exceedingly annoying if
>> pushed into Trailers. Verging on being an outright attack. Since we
>> reserve cache space and do a lot of storage activity before finding out
>> whether it's actually not cacheable after all. Usually something else
>> potentially useful got discarded to make room for it as well.
> Trailer: ETag would probably be a good hint about that...

By the last three I was meaning "Cache-Control(/Expires/Age)" in PHK's list.

Taking a second thought about it there are also some hidden security
considerations around potentially storing the reply to non-volatile
storage when a 'Cache-Control:no-store' is deferred to Trailers.


Received on Friday, 29 July 2016 11:41:06 UTC
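
Added example, not part of the original thread and not code from any real proxy: a sketch of how a cache could use the Trailer header as the hint discussed above, holding the body in memory while Cache-Control, Expires or Age are still pending, so that a deferred 'no-store' never reaches non-volatile storage. The function names, return values and the dict-based message representation are assumptions made for illustration.

```python
# Added illustration; hypothetical cache logic, not code from any real proxy.
# Assumes header/trailer dicts with lower-cased field names (constructed input).

# The fields Amos singles out as costly when they only arrive in trailers.
CACHE_POLICY_FIELDS = {"cache-control", "expires", "age"}

def tokens(value):
    """Split a comma-separated field value into lower-cased tokens.
    Simplification: quoted strings containing commas are not handled."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def has_no_store(fields):
    return "no-store" in tokens(fields.get("cache-control", ""))

def staging_for(headers):
    """Where the body is held while streaming: 'none', 'memory' or 'disk'."""
    if has_no_store(headers):
        return "none"
    if tokens(headers.get("trailer", "")) & CACHE_POLICY_FIELDS:
        # Cacheability is still undecided, so stay off non-volatile storage.
        return "memory"
    return "disk"

def handle_response(headers, trailers):
    """Return (outcome, body_reached_disk_before_policy_was_known)."""
    staging = staging_for(headers)
    if staging == "none":
        return ("not-cached", False)
    early_disk_write = staging == "disk"
    if has_no_store(trailers):
        # Undeclared no-store after a disk write needs a purge, and the
        # bytes have already touched the medium.
        return ("purged" if early_disk_write else "discarded", early_disk_write)
    return ("cached", early_disk_write)
```

The last branch of interest is the undeclared case: when 'no-store' shows up in trailers without a matching Trailer declaration, the sketch can only purge after the fact, which is the exposure the message describes.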