W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Re: Questions (errata?) about caching authenticated responses [#174]

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 2 Jun 2010 14:54:31 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Duane Wessels <wessels@packet-pushers.com>, JeffMogul@acm.org
Message-Id: <F5E2F7FB-073E-4F13-9EDF-5683D0B007C2@mnot.net>
To: Henrik Nordstrom <henrik@henriknordstrom.net>
Picking this issue back up and CC:ing Jeff for his recollections (see <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/174> for background).

On 26/07/2009, at 2:06 AM, Henrik Nordstrom wrote:

> Going back reading RFC2068 for a while... and there the picture is quite
> different when it comes to proxy-revalidate in authenticated responses:
> 
>     1. If the response includes the "proxy-revalidate" Cache-Control
>        directive, the cache MAY use that response in replying to a
>        subsequent request, but a proxy cache MUST first revalidate it with
>        the origin server, using the request-headers from the new request
>        to allow the origin server to authenticate the new request.
>     2. If the response includes the "must-revalidate" Cache-Control
>        directive, the cache MAY use that response in replying to a
>        subsequent request, but all caches MUST first revalidate it with
>        the origin server, using the request-headers from the new request
>        to allow the origin server to authenticate the new request.
>     3. If the response includes the "public" Cache-Control directive, it
>        may be returned in reply to any subsequent request.
> 
> So it turns out that what have happened with respect to proxy-revalidate
> is that the MAY rule regarding proxy-revalidate was lost from this
> section when s-maxage was added in RFC2616. Probably an editorial error
> when introducing s-maxage, alternatively (but less likely) there may
> have been discussions to remove proxy-revalidate entirely as the
> definition of s-maxage makes proxy-revalidate redundant, but then this
> text was never added back when it was decided to keep proxy-revalidate.

Here's what I think happened. RFC2068 included this text in 13.2.1:

> If an origin server wishes to force any HTTP/1.1 cache, no matter how
> it is configured, to validate every request, it should use the
> "must-revalidate" Cache-Control directive (see section 14.9).


even though 14.9 of the same document says:

> When the must-revalidate directive is
> present in a response received by a cache, that cache MUST NOT use
> the entry after it becomes stale to respond to a subsequent request
> without first revalidating it with the origin server.


The former text mis-defining must-revalidate was removed from 2616, but not before it confused the authors of the Auth and Cookie specs, as noted in <http://tools.ietf.org/html/draft-mogul-http-revalidate-00>.


> Proposed resolution to the proxy-revalidate issue: Simply add back the
> text from 1. above where it was nly correcting the text to say "shared
> cache" where it said "proxy", at least for now. This makes
> specifications consistent with what was specified in RFC2068 and what
> one would expect from "use as few cache-control verbs as needed".

There was a conscious decision in 2616 to remove the effects of the misinterpretation of must-revalidate from the spec, including in the Authorization header.   Moving back to the 2068 text would cause yet more confusion.

Additionally, 2616 explicitly says in the definition of proxy-revalidate:

> Note that such authenticated responses also need the public cache
> control directive in order to allow them to be cached at all.


Counter-proposal:

Add a new section to p6:

---8<---
Shared Caching of Authenticated Responses

Shared caches MUST NOT use a cached response to a request with an Authorization [ref] header to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response.

In this specification, the following Cache-Control response directives [ref] have such an effect: must-revalidate, public, s-maxage.

Note that cached responses that contain the "must-revalidate" and/or "s-maxage" response directives are not allowed to be served stale [ref] by shared caches. In particular, a response with either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to satisfy a subsequent request without revalidating it on the origin server. 
--->8---

... with appropriate changes to p6 2.1, 2.2, as well as the definitions of the Auth header and appropriate CC directives.


> Regarding must-revalidate it may well be the case that this should be
> restricted to say "non-shared caches" instead of "the cache" for the
> reason outlined before, but if in doubt one can always use
> private/public to specify what you intended so it's not that critical.
> It's been specified like this "for ever".

Non-shared caches aren't affected by the Authentication header.


> Hmm.. on a second reading I notice "private" is missing in this section.
> A shared cache MUST NOT use a response with "private", especially not
> when there is authentication involved... Current text kind of implies a
> shared cache is allowed to cache those as long as it always revalidates
> on every request IF the request was authenticated but not otherwise..
> which is nonsense. (with it being nonsense I surely hope noone have
> implemented their shared caches in such manner..)


Are you referring to 2068 text or HTTPbis text here?

Cheers,

--
Mark Nottingham     http://www.mnot.net/
Received on Wednesday, 2 June 2010 04:54:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:19 GMT