- From: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
- Date: Sat, 29 Oct 2016 09:44:09 +0300 (EEST)
- To: HTTP working group mailing list <ietf-http-wg@w3.org>, Patrick McManus <pmcmanus@mozilla.com>
- CC: Kari Hurtta <hurtta-ietf@elmme-mailer.org>
> I do believe the lack of integrity protection in plaintext transfer is an > important security consideration for immutable that suggests they should > not be used together. I'm open to other wording on it for sure.. https:// > might be sufficient here. I suspect that corruption (truncation most likely) happens then between TLS termination (TLS ofloading, for example load balancer) and web server. Yes, reloading with conditional request does not help here either. (And if load balancer caches this then any reloading probably does not help here. Specially if request cache-control header is ignored. ) / Kari Hurtta
Received on Saturday, 29 October 2016 06:44:43 UTC