W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Re: Questions (errata?) about caching authenticated responses [#174]

From: Henrik Nordström <henrik@henriknordstrom.net>
Date: Tue, 08 Jun 2010 09:08:45 +0200
To: "Roy T. Fielding" <fielding@gbiv.com>
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <1275980925.14286.11.camel@henriknordstrom.gameop.net>
mån 2010-06-07 klockan 19:40 -0700 skrev Roy T. Fielding:
> Wouldn't it be easier to just say Authorization implies
> "Cache-control: private" unless explicitly given otherwise?

What is "explicitly given otherwise"? There is no directive which
explicitly negates private. Cache-Control directives all adds up to the
status of the response, restricting the bounds of caching or softly
extending it. There technically is no conflict in "Cache-Control:
private, public, s-maxage=100000" even if the "public, s-maxage=100000"
part is redundant. (private MUST NOT, public/s-max-age MAY)

I don't see how to get out of this without explicitly stating which
directives overrides the implicit "private". And referencing to the
authenticated state as an implicit "private" only adds confusion I
think, reducing the meaning of MUST NOT unless worded carefully.

Regards
Henrik
Received on Tuesday, 8 June 2010 07:48:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:20 GMT