- From: Martin Thomson <mt@lowentropy.net>
- Date: Tue, 29 Apr 2025 14:11:32 +1000
- To: "Mark Nottingham" <mnot@mnot.net>, "Roy Fielding" <fielding@gbiv.com>
- Cc: ietf-http-wg@w3.org

On Sat, Apr 26, 2025, at 13:05, Mark Nottingham wrote:
> It surprised me too, but it's a reasonable reading of the current spec.
> The problem is that -- by necessity -- we don't specify or constrain
> what the source of invalidations might be, and that can be read to
> include invalidations *caused* by group membership.

The domino effect seems pretty obvious here, but I think that the best approach would be to set expectations: only those resources that share one of the groups are affected. You don't then trigger invalidation logic again.

Otherwise, incautious setup of groups could wipe your entire cache, which is a DoS attack recipe ingredient, if nothing else.

Received on Tuesday, 29 April 2025 04:11:58 UTC
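
A toy model of the two readings discussed in this message, added here as an illustration and not part of the original email or of any specification text. The cache contents, URLs, group names and function names are all constructed for the example.

```python
from collections import deque

# Constructed sample cache: URL -> set of group names (all hypothetical).
# Groups overlap pairwise, forming a chain from /app.js to /hero.png.
CACHE = {
    "/app.js": {"scripts"},
    "/lib.js": {"scripts", "shared"},
    "/style.css": {"shared", "theme"},
    "/logo.png": {"theme", "images"},
    "/hero.png": {"images"},
    "/feed.json": {"api"},
}


def group_peers(cache, url):
    """Stored responses sharing at least one group with url (url excluded)."""
    groups = cache[url]
    return {u for u, g in cache.items() if u != url and g & groups}


def invalidate_single_pass(cache, url):
    """Bounded reading: url and its direct group peers are invalidated;
    the peers do not trigger invalidation logic again."""
    return {url} | group_peers(cache, url)


def invalidate_cascading(cache, url):
    """Domino reading: every invalidated response re-triggers group
    invalidation, so the result is the transitive closure over groups."""
    seen, queue = {url}, deque([url])
    while queue:
        for peer in group_peers(cache, queue.popleft()) - seen:
            seen.add(peer)
            queue.append(peer)
    return seen


if __name__ == "__main__":
    for name, fn in (("single pass", invalidate_single_pass),
                     ("cascading", invalidate_cascading)):
        hit = fn(CACHE, "/app.js")
        print(f"{name}: {len(hit)}/{len(CACHE)} invalidated -> {sorted(hit)}")
```

With overlapping groups, the cascading variant reaches every response connected through any chain of shared groups, while the single-pass variant stays bounded by the groups of the response that was actually invalidated.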