When you revalidate, make sure that you aren't revalidating unauthent…

…icated gunk
httpwg · Jan 2, 2017 · 3c395ff · 3c395ff
1 parent ab3ddc6
commit 3c395ff
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/draft-ietf-httpbis-http2-encryption.md b/draft-ietf-httpbis-http2-encryption.md
@@ -201,6 +201,11 @@ Any strongly authenticated alternative service can provide this response.  That
 the http-opportunistic response is valid, any authenticated alternative service can be used for
 that origin.
 
+Clients that use cached http-opportunistic responses MUST ensure that their cache is cleared of
+any responses that were acquired over an unauthenticated connection.  Revalidating an
+unauthenticated response using an authenticated connection does not ensure the integrity of the
+response.
+
 
 # IANA Considerations