W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Re: Questions (errata?) about caching authenticated responses [#174]

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 8 Jun 2010 11:33:34 +1000
Cc: HTTP Working Group <ietf-http-wg@w3.org>, Duane Wessels <wessels@packet-pushers.com>, JeffMogul@acm.org
Message-Id: <655B2511-49F3-468B-B874-E656FB5E5759@mnot.net>
To: Henrik Nordstrom <henrik@henriknordstrom.net>
I haven't heard any comment on this proposal. I *think* it accurately reflects what's in 2616, and AFAICT from the history, what's in 2616 was intentional. 


On 02/06/2010, at 2:54 PM, Mark Nottingham wrote:

> Counter-proposal:
> Add a new section to p6:
> ---8<---
> Shared Caching of Authenticated Responses
> Shared caches MUST NOT use a cached response to a request with an Authorization [ref] header to satisfy any subsequent request unless a cache directive that allows such responses to be stored is present in the response.
> In this specification, the following Cache-Control response directives [ref] have such an effect: must-revalidate, public, s-maxage.
> Note that cached responses that contain the "must-revalidate" and/or "s-maxage" response directives are not allowed to be served stale [ref] by shared caches. In particular, a response with either "max-age=0, must-revalidate" or "s-maxage=0" cannot be used to satisfy a subsequent request without revalidating it on the origin server. 
> --->8---
> ... with appropriate changes to p6 2.1, 2.2, as well as the definitions of the Auth header and appropriate CC directives.

Mark Nottingham     http://www.mnot.net/
Received on Tuesday, 8 June 2010 01:34:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:53 UTC