The current web caching infrastructure, though it has a number of
performance benefits for clients and network providers, does not meet
publishers' requirements. We argue that to satisfy these requirements,
caches should be enhanced in both the data and control planes.  In the
data plane, caches will dynamically generate content for clients by
running code provided by publishers.  In the control plane, caches
will return logs of client accesses to publishers. In this paper, we 
introduce Gemini, a system which has both of these capabilities, and
discuss two of its key components: security and incremental
deployment. Since Gemini caches are deeply involved in content
preparation and logging, ensuring that they perform correctly is
vital.  Traditional end-to-end security mechanisms are not sufficient
to protect clients and publishers, so we introduce a new security
model which consists of two pieces: an authorization mechanism and a
verification mechanism.  The former allows a publisher to authorize a
set of caches to run its code and serve its content, while the latter
allows clients and publishers to probabilistically verify that
authorized caches are operating correctly.  Because it is unrealistic
to assume that Gemini caches will be deployed everywhere simultaneously,
 we have designed the system to be incrementally deployable and to
coexist with legacy clients, caches, and servers. Finally, we describe
our implementation of Gemini and present preliminary performance results.