W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 2000

Questions (errata?) about caching authenticated responses

From: Duane Wessels <wessels@ircache.net>
Date: Wed, 19 Jul 2000 23:47:59 -0600
To: http-wg@cuckoo.hpl.hp.com
Message-ID: <Pine.SGI.4.10.10007192325560.19376-100000@surf.ircache.net>
I've been reading RFCs 2616 and 2617 about caching authenticated
responses, and have possibly found some inconsistencies.

#1.     The very last sentence of Sec 14.9.4 (under proxy-revalidate)
	says: ``...such authenticated responses also need the public
	cache control directive in order to allow them to be cached at
	all''

	Yet, Sec 14.8 lists three cache-control directives that allow a
	shared cache to reuse an authenticatd response: s-maxage,
	must-revalidate, and public.

#2.	If must-revalidate alone is enough to allow an authenticated
	response to be cached, and if proxy-revalidate is the same
	as must-revalidate for a shared cache, is proxy-revalidate
	alone enough to allow an authenticated response to be cached?

	If so, should proxy-revalidate be listed in section 14.8?

#3.	RFC 2617, Sec 3.2.2.5 says:

	    when a shared cache ... has received a request containing
	    an Authorization header and a response from relaying that
	    request, it MUST NOT return that response as a reply to any
	    other request, unless one of two Cache-Control (see section
	    14.9 of [RFC2616]) directives was present in the response.

	I believe this is referring to section 14.8, rather than 14.9,
	and "two" is not the right number?

Finally, Sec 14.8 doesn't mention if a non-shared cache needs to treat
an authenticated response specially.  I assume that a non-shared
cache can store and reuse an authenticated response by default.
Should that be made explicit?

Duane W.
Received on Thursday, 20 July 2000 06:48:40 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:38 EDT