[cflat]

DNS is not content.

HTTP caches were always problematic from a business perspective. Great for downloading large binaries (installs) but problematic when they don’t expire as expected, or if content needs to change for contractual reasons.

[joshuamorton]

Tell that to cloudflare.

It's not like you're forced to cache things if it doesn't work for your business case.

[Spivak]

I mean you’re the one who gets to decide how long the signature is valid for just like you can choose your TTL in DNS. And a malicious cache can’t continue to serve stale content because browsers will reject it. You get a hard guarantee that your TTL will be respected.