W3C home > Mailing lists > Public > http-caching-historical@w3.org > February 1996

Re: "Cache-control: no-cache", "Cache-control: private", and , extensibility

From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
Date: Tue, 20 Feb 1996 14:44:22 -0800
To: Jeffrey Mogul <mogul@pa.dec.com>
Cc: HTTP Caching Subgroup <http-caching@pa.dec.com>
Message-Id: <9602201444.aa11937@paris.ics.uci.edu>
> Roy then managed to confuse me again by objecting to my proposal
> for "Cache-control: no-store" because it doesn't solve the
> eavesdropping problem, but I think this is an inconsistent position.

Sorry, I was thinking of the security issues that Lou brought up last
summer, and not anything like a CD-ROM archive.  I don't think it is
appropriate for cache-control to say anything beyond what is interesting
to a response cache.  I believe the PEP proposal has more to say about
things like what the recipient is allowed to do with a document
after it has been retrieved.

> Either the protocol spec says nothing about "storing" values, but
> confines itself to specifying when they may be "returned" from a
> cache ... or the spec DOES talk about when they can be stored, in
> which case it seems appropriate to give servers and users some
> control over this.

Like I said, the reason it says it currently is to prevent people from
wrongly assuming "no-cache" meant that the user is not allowed to save
the entity after viewing it.  It could do with some better wording.


 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/
Received on Tuesday, 20 February 1996 23:08:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 28 November 2008 20:51:42 GMT