On Mon, Apr 13, 2015 at 7:03 PM, Martin Thomson <m...@mozilla.com> wrote:
> On Mon, Apr 13, 2015 at 3:53 PM, Eugene <imfasterthanneutr...@gmail.com> > wrote: > > In addition to APIs, I'd like to propose prohibiting caching any > resources loaded over insecure HTTP, regardless of Cache-Control header, in > Phase 2.N. > > This has some negative consequences (if only for performance). I'd > like to see changes like this properly coordinated. I'd rather just > treat "caching" as one of the features for Phase 2.N. > That seem sensible. I was about to propose a lifetime limit on caching (say a few hours?) to limit the persistence scope of MitM, i.e., require periodic re-infection. There may be ways to circumvent this (e.g., the MitM's code sending cache priming requests), but it seems incrementally better. --Richard > _______________________________________________ > dev-platform mailing list > dev-platform@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-platform > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform