Re: ID for Immutable

Martin Thomson <> Sat, 29 October 2016 09:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9C276129594 for <>; Sat, 29 Oct 2016 02:29:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.932
X-Spam-Status: No, score=-6.932 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.431, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PWyPDfnrrbLo for <>; Sat, 29 Oct 2016 02:29:15 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 65C40129577 for <>; Sat, 29 Oct 2016 02:29:14 -0700 (PDT)
Received: from lists by with local (Exim 4.80) (envelope-from <>) id 1c0Pt4-0006wS-MW for; Sat, 29 Oct 2016 09:25:14 +0000
Resent-Date: Sat, 29 Oct 2016 09:25:14 +0000
Resent-Message-Id: <>
Received: from ([]) by with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1c0Psz-0006aP-7P for; Sat, 29 Oct 2016 09:25:09 +0000
Received: from ([]) by with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <>) id 1c0Pst-000068-CG for; Sat, 29 Oct 2016 09:25:04 +0000
Received: by with SMTP id v138so22858980qka.0 for <>; Sat, 29 Oct 2016 02:24:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=eiwnS0rKBSr6/eCyQI1AWCDHGdnhu/LGO/UmYnLswEI=; b=y3/Utkbr6goVrCfhpgyE0AVgaWWCYobZoti9apmljehkkjtnLZ8pihEi0yROMwjC1D atmTxE0lNlfcf1B3vVZ7kvehd8NfM2n4QEVWYUdA5+I9AUqxx34q0WTRSgupQf+4tall MWlTOXygv6cLJDAvET51imKHBRjNhm16HnFdaJvCCaTOJ/290QOIyRbxqVaR+Xq+TGpo BlmyGLPtH3U/ZFD2vxCRVvlYW3WlVl7iXokFLxmIjHi/aPBzViUP42UxzBwYVKq1dx+G 2BcHlREPGXplHF3Q5zXpC3AIZzI+1Un5hNxwq5L1pYXH2LjQghv5dpVgblabcnoZr3JQ X3ug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=eiwnS0rKBSr6/eCyQI1AWCDHGdnhu/LGO/UmYnLswEI=; b=NIMU2KsF373wLBN0VTrcZ6xwPdtDTQMTsDSSJ9wIgXITTkSDg7hhVjIpFDrYN2DQG4 xMk2+wjXN+E6S6CVYuGR9vIsPO5DiBPTjfzihmgAdchuKLqnYrTebMaMqAr20CY3cBm1 lUeTFmIa0slMaZVU8C7OVMWFE/kwAGXjBcBL/9+XUxfGO96DedxkFQJ191nXlYi5cdAy lmj9zrXng/u7AzzobFr9hmVHFBd1vsITVgchrEOIznJqKPtY47uKrvWZX98Qpnyz3KkY ZjnXh+P/YS2oCH/F4zJX7xdioxWJhAffl1CccofUZ2KeUDS6FzM0HBiwJSfpcCPCZnTD GdyA==
X-Gm-Message-State: ABUngvc+mS0T8kn9AsIcLUdymEBqtDMwoGB/JCBoQiXUzWFlL1lYnV6IxHECEn9cL4OzxXcUiPkeFQJE9qcSSg==
X-Received: by with SMTP id b69mr16363534qkg.144.1477733077063; Sat, 29 Oct 2016 02:24:37 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Sat, 29 Oct 2016 02:24:36 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <>
From: Martin Thomson <>
Date: Sat, 29 Oct 2016 20:24:36 +1100
Message-ID: <>
To: Kari Hurtta <>
Cc: Patrick McManus <>, HTTP working group mailing list <>
Content-Type: text/plain; charset=UTF-8
Received-SPF: pass client-ip=;;
X-W3C-Hub-Spam-Status: No, score=-5.8
X-W3C-Hub-Spam-Report: AWL=-0.258, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_WL=-1
X-W3C-Scan-Sig: 1c0Pst-000068-CG 7be005af26cf5929d0e40a7298f6596f
Subject: Re: ID for Immutable
Archived-At: <>
X-Mailing-List: <> archive/latest/32722
Precedence: list
List-Id: <>
List-Help: <>
List-Post: <>
List-Unsubscribe: <>

On 29 October 2016 at 16:49, Kari Hurtta <> wrote:
> So on these case that heuristic that ignore immutable for
> "weakly framed content" does not help either. 304 reply
> still confirms to the client to keep using the corrupted content.
> My suggestion using immutable=<property from bydy> for ignnoring
> immutable was making that more explicit than heuristic. But
> that does change  is that ignoring usefull or not.

We aren't really looking for perfect here.  Corruption happens, but is
highly unlikely in the cases that we use this:

Note that Firefox also requires HTTPS (I think).  So random corruption
is astronomically unlikely and well-framed responses (Content-Length
fits, it uses h2) mean that there is enough confidence that the
response was as the server intended.  The key thing for the document
is probably not to specify precisely what conditions that it would
consider this safe to use, but to note that a degree of care might be
needed to avoid having broken responses cached.

Yes, the server might screw up, but the client won't be responsible
for that.  The server needs to create a new resource to fix it.  Or
maybe user will notice a problem and reload.