[Uta] MTA-STS and HTTP cache control
Daniel Margolis <dmargolis@google.com> Sun, 20 August 2017 12:25 UTC
Return-Path: <dmargolis@google.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C83521321A8 for <uta@ietfa.amsl.com>; Sun, 20 Aug 2017 05:25:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pDzqCR7DYgs0 for <uta@ietfa.amsl.com>; Sun, 20 Aug 2017 05:25:11 -0700 (PDT)
Received: from mail-io0-x22a.google.com (mail-io0-x22a.google.com [IPv6:2607:f8b0:4001:c06::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65514132125 for <uta@ietf.org>; Sun, 20 Aug 2017 05:25:11 -0700 (PDT)
Received: by mail-io0-x22a.google.com with SMTP id 1so9848424ioy.2 for <uta@ietf.org>; Sun, 20 Aug 2017 05:25:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=i/NceXtDn4jwHQEu3RrPtzAmbL1Lutra0wUDpYwpnnw=; b=b7DQ0ZjaMGdbi0MyRQu4mx+Clf4mHeh+aiN6YLnqr+EkYbQwrcDPOWPpOHgXcox71S zigodogLzQKKMgo6DGslDb558tIq5hm/XY1MHlEa0Nvv6oNLNJN+/M4XM8YizDqjJzO9 g1P3xbleDAoPcVbmaXk/6JeoUeA5aKORG2ScvjqAZgpeCVdvuyRk0mKhN6FRL/Tmd3t4 qo84tJB4FDWDsdvDOZaN4+YSESKLbcdowldO/0xtC39oWtjXFEFWwvkgLDAv7o/Xn3ES RwikrSQQwmKOB3YIe+RR3ewm/NssY4q6ZED8SAcGhkd4Jh/R+PbegyPOgKh7UnG7dtl7 Fspg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=i/NceXtDn4jwHQEu3RrPtzAmbL1Lutra0wUDpYwpnnw=; b=VIFerws0bJ4+l611BSGrb3i30KtDTBxh144neAenmdNJVXCx+lALM4fCfFrNg2BxMm xWLGmKu95BQX0hUpaf9e/f8oBvLXc2GkJIcNiOO/6yiTjUJZEVjyJMZ3X++qBomEHluy 4p7UD72ZM4L1IlbgueV+sMkewhpZEtnqSVIz47SZvYB55Z3go2SsnM5FBIIz7gTmPbv1 zRTgyBf58dIoTU2su+hHq4unm2ebmjpy2FxN34pn39kmyno1hzv6g0XshilgyP7uVWm6 nyAhhMGqf+ptyM5wwLeARoEJY4EuWBaCb/JwKr4e6WZ7Y72AUa+gdx69rOFozL7TBDt5 hW9g==
X-Gm-Message-State: AHYfb5gvee9JMe1o/6ETyxR1P0bsZ6VL5vWfn26eZ0JycU/T8H2OmJgO BZ925ysDZTcrn/54eEYrNUwQX3KNof0MIW0=
X-Received: by 10.107.3.143 with SMTP id e15mr14120077ioi.308.1503231910081; Sun, 20 Aug 2017 05:25:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.133.159 with HTTP; Sun, 20 Aug 2017 05:25:09 -0700 (PDT)
From: Daniel Margolis <dmargolis@google.com>
Date: Sun, 20 Aug 2017 14:25:09 +0200
Message-ID: <CANtKdUdU_1O8t-Pg9oky6r-n=4b7C59pTdjZsU_xJEB0cw6Mjw@mail.gmail.com>
To: uta@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="001a113eb3560c03f805572e7451"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/f3sZJ0kFF9r5GrfIgj_UlWNRDRU>
Subject: [Uta] MTA-STS and HTTP cache control
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Aug 2017 12:25:14 -0000
For the policy caching, we deliberately chose not to use HTTP Cache-Control headers and, instead, use "max_age" in the response body because it avoids the case where someone is hosting a policy on a general purpose HTTP endpoint that has some other cache settings than they are aware of. (For example, I may have an existing website at www.example.com, and I choose to redirect policy.example.com to www.example.com; I may, additionally, have a site-wide setting for Cache-Control that I do not have the ability to change.) However, by the same logic, it's unclear to me if we should specify to implementors what their client behavior should be with respect to Cache-Control--should they honor it as per RFC 7234? Should they never cache? As-is, it's up to the sender to cache or not cache (as with any HTTP client), and thus policy publishers have to be a little careful and remember that during a forced policy refresh the sender may see an old policy file up until the Cache-Control forces them not to cache it. It seems somewhat easier to me to simply specify that HTTP caching should never be used (i.e. aside from the long-lived policy cache). Any objections?
- Re: [Uta] MTA-STS and HTTP cache control Viktor Dukhovni
- [Uta] MTA-STS and HTTP cache control Daniel Margolis
- Re: [Uta] MTA-STS and HTTP cache control Daniel Margolis
- Re: [Uta] MTA-STS and HTTP cache control Viktor Dukhovni