Re: Concepts to improve Http2.0 from Patrick McManus on 2016-07-29 (ietf-http-wg@w3.org from July to September 2016)

From: Patrick McManus <mcmanus@ducksong.com>
Date: Fri, 29 Jul 2016 08:38:41 -0400
To: Amos Jeffries <squid3@treenet.co.nz>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAOdDvNrrB+sq6wBHkhkzL8CKzmEpGnWge-zBFbhvxcWhxYfS7w@mail.gmail.com>

On Fri, Jul 29, 2016 at 7:40 AM, Amos Jeffries <squid3@treenet.co.nz> wrote:

>
> Taking a second thought about it there are also some hidden security
> considerations around potentially storing the reply to non-volatile
> storage when a 'Cache-Control:no-store' is deferred to Trailers.
>
>
Could indeed be true - that was part of the workshop discussion too. There
seemed to be general confidence that trailers could be exposed as separate
connection specific meta-data (i.e. here are your trailers that might
contain some debugging - they aren't headers) but whether or not they could
ever be treated semantically as headers (either generally or in specific
cases - which might have different answers) needed more work to determine.

Given that it is a connection level mechanism it might not be terribly
helpful though.

Received on Friday, 29 July 2016 12:39:19 UTC