- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Tue, 20 Feb 96 19:16:46 PST
- To: http-caching@pa.dec.com
- Cc: masinter@parc.xerox.com
You all probably noticed a lot of activity today. Partly that was
because Roy is trying to catch up on his mail. Partly it's because I'm
trying to catch up on my mail, and more specifically because about 24
hours from now I'll be disconnecting myself from civilization (no
phone, and certainly no computer) for a vacation until March 3.
Anyone who wants to beat me up about something had better do it in the
next 20 hours or so. Anyone who wants to wait until I'm gone so that I
won't have a chance to defend myself ... if you really want to, that's
fine with me.
Anyone who wants to get off this mailing list better send mail to
http-caching-request@pa.dec.com ASAP.
Larry has asked me to try to come up with a list of things we agree on,
and a list of things we don't agree on. That's what this message is
about, to the best of my ability. Please don't quibble about minor
details; the point of this is to help guide Larry to decide what needs
to be discussed at the LA IETF meeting, and it would be sad to waste
that time arguing about stuff that has no real importance.
Anyway, what follows are two rather terse lists. The first is "stuff
we agree on" and the second is "stuff we disagree on or haven't really
tackled yet." I'm sure I have left stuff off of both lists, and
perhaps I've put something on the "agree" list that doesn't deserve to
be there.
The "disagree" list is rank-ordered (my crude ranking) solely to
provide some guidance to Larry about scheduling.
-Jeff
----------------------------------------------------------------
"Agreed:"
Expires: and Cache-control: max-age=NNN
(1) Origin servers may send either or both of
Expires:
and
Cache-control: max-age=N
on responses
(2) If both are sent, an HTTP/1.1 implementation SHOULD
obey the Cache-control: max-age=N directive, and so SHOULD ignore
the Expires field value.
(2b) but HTTP/1.0 implementations will ignore it, so servers
SHOULD NOT depend on a cache obeying that directive.
The behavior of max-age in a response should be equivalent to
what would occur if this response had an Expires: field
specifying the same number of seconds since its Date: field,
but max-age overrides an explicit Expires: value.
Expiration semantics
A cache may keep an entry past its expiration time, but
MUST NOT provide this value as a response unless it has
been revalidated with the origin server.
A user or cache administrator may override that "MUST NOT"
with an explicit request, and if the resulting known-stale
response is explicitly flagged to the user as being stale.
Age calculations:
There will be an Age: header.
In order to know if a cached entry is fresh, a cache needs to
know if its age exceeds its freshness lifetime. The latter can be
reliably calculated as Expires: - Date:, or from Cache-control:
max-age=NNN (which takes priority).
An entry's age can be calculated in two independent ways:
now - Date:
if the clocks are reasonably well synchronized
Sum of "time resident in cache" for all caches involved,
using the Age: header
if all of the caches support Age:
Given that we have two independent ways to compute the age,
we can combine these as
age = max(now - Date:, Age:)
and as long as we have either synchronized clocks or all-HTTP/1.1
paths, one gets a reliable (conservative) result. The purpose
of the Age: header is to pass this value along to the next
recipient cache.
Note that this correction can be applied at each HTTP/1.1 cache
along the path, so that if there is an HTTP/1.0 cache in the path,
the correct age is computed as long as the receiving cache's clock
is in sync. We don't need end-to-end clock synchronization
(although it is good to have), and there is no explicit clock
synchronization step.
"Cache-control: private" vs. "Cache-control: no-cache"
(1) "Cache-control: private" remains as in Roy's draft, but
with a mention of extensibility explicitly included.
Single-user-agent caches are effectively allowed to ignore this
directive.
(2) "Cache-control: no-cache" is defined to mean exactly the
same thing as "Cache-control: private", but with no exception
for user-agent caches.
(3) We add "Cache-control: no-store", which applies to the
entire message and may be sent either in a response or in a
request. If sent in a request, it means "do not store any part
of either this request or any response to it." If sent in a
response, it means "do not store any part of either this
response or the request that elicited it." This applies to both
single-user and shared caches. Caches should obey it but we
explicitly caution against depending on it as a privacy
mechanism. Users may explicitly store such responses outside
of the caching system (e.g., with a "Save as" dialog.
History buffers may store such responses as part of their
normal operation.
Cache-control: stale-max=NNN, fresh-min=NNN
Necessary for user-centric control over freshness parameters.
Cache-control: public
Overrides restrictions on caching responses to requests
with Authorization: headers
Warnings:
We will add a "Warning:" header to the HTTP/1.1 protocol,
allowing a server (origin or cache) to provide machine-readable
and human-readable information to supplement the HTTP status
code.
Ranges:
Ari Luotonen will submit a revised proposal, describing
the interactions between Range: and validation headers
(If-Valid, If-Invalid, If-Modified-Since).
Location: and spoofing
We agree that the spec should prevent this
Hit metering:
We will include a simple and optional hit-counting mechanism.
History buffers:
The spec will make a clear distinction between these and caches
----------------------------------------------------------------
"Not agreed"
(1) Transparency vs. performance: basic philosophy
(2) Shall Opaque validators (If-invalid/If-valid) and If-modified-since:
be the only cache-validation conditions?
(3) Use of Content-ID for validation and variant identification: yes or no
(4) Vary: proposal
(5) Variant-IDs: yes or no
(6) Do we need HTTP protocol elements to control history buffers?
(7) When neither the Expires: header nor Cache-control: max-age is sent,
should the rules determining what assumptions a cache can make about
the expiration date depend on whether the origin server is HTTP/1.0 or
HTTP/1.1?
(8) Volume validation: yes or no
(9) Caching and POSTs
(10) Caching and PUTs
(11) Can we do anything to help support bypassing?
Received on Wednesday, 21 February 1996 03:40:51 UTC