W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1998

ISSUE: revalidation

From: Richard Gray <rlgray@us.ibm.com>
Date: Mon, 13 Jul 1998 17:16:14 -0400
To: http-wg@cuckoo.hpl.hp.com
Message-Id: <5040300018162519000002L092*@MHS>
Having read both
http://www.ics.uci.edu/pub/ietf/http/draft-mogul-http-revalidate-01.txt, and
the diff version of rev-03, I am now confused about the Cache-control
revalidation directives, and their intended interaction with the Authorization
mechanism.

The text in 14.8 appears to allow me, as a proxy, to serve objects requiring
authorization, without first validating the user's credentials, as long as the
object is fresh.

14.9.4 seems to say that must-revalidate is not unconditional, but rather that
it only requires revalidation if the object is stale.
It further seems to say that proxy-revalidate can be used to require shared
proxies to authenticate each user.

So, an origin server should send both "proxy-revalidate" and "public" to force
revalidation?
If so, I think at the very least this should be added to the list in 14.8, and
that proxies ought to be required to revalidate in this case.
If not, I need educating.

Thank You,
Richard L. Gray
will code for chocolate
Received on Tuesday, 14 July 1998 00:27:07 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:19 EDT