Re: ID for Immutable

> I do believe the lack of integrity protection in plaintext transfer is an
> important security consideration for immutable that suggests they should
> not be used together. I'm open to other wording on it for sure.. https://
> might be sufficient here.

I suspect that corruption (truncation most likely) happens then
between TLS termination (TLS offloading, for example a load balancer)
and web server.

Yes, reloading with conditional request does not help here either.

(And if load balancer caches this then any reloading probably
 does not help here. Especially if the request cache-control
 header is ignored.)

/ Kari Hurtta


Received on Saturday, 29 October 2016 06:44:43 UTC