
Re: Questions (errata?) about caching authenticated responses [#174]

From: Roy T. Fielding <fielding@gbiv.com>
Date: Tue, 8 Jun 2010 14:22:57 -0700
Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <43D0C31D-F1D8-466F-809D-733762D144E4@gbiv.com>
To: Henrik Nordström <henrik@henriknordstrom.net>

On Jun 8, 2010, at 12:08 AM, Henrik Nordström wrote:

> Mon 2010-06-07 at 19:40 -0700, Roy T. Fielding wrote:
>> Wouldn't it be easier to just say Authorization implies
>> "Cache-control: private" unless explicitly given otherwise?
> 
> What is "explicitly given otherwise"? There is no directive which
> explicitly negates private. Cache-Control directives all add up to the
> status of the response, restricting the bounds of caching or softly
> extending it. There technically is no conflict in "Cache-Control:
> private, public, s-maxage=100000" even if the "public, s-maxage=100000"
> part is redundant. (private MUST NOT, public/s-max-age MAY)

No, if "Cache-control: public" is given then it overrides any
default in the protocol semantics.  I meant that private is the new
default for that response, not that private would appear in Cache-control.

> I don't see how to get out of this without explicitly stating which
> directives override the implicit "private". And referring to the
> authenticated state as an implicit "private" only adds confusion I
> think, reducing the meaning of MUST NOT unless worded carefully.

And I don't understand how that is confusing.  Implicit == default.
The only reason "public" exists is to override that default when,
for whatever reason, the default is private or no-cache.

....Roy
Received on Tuesday, 8 June 2010 21:23:28 GMT
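
The rule debated in this message, sketched as an added example that is not part of the original email or of any specification text: a request carrying Authorization makes "private" the default for the response, and only an explicit override lifts that default for a shared cache. The function names and the configurable `overrides` set are assumptions; the set defaults to "public" as stated in the message, and passing "s-maxage" as well models the other reading raised in the quoted text.

```python
def parse_cache_control(value):
    """Split a Cache-Control field value into {directive: argument-or-None}.

    Simplification: splits on commas, so quoted arguments that themselves
    contain commas are not handled.
    """
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_may_store(request_headers, response_headers,
                           overrides=frozenset({"public"})):
    """Decide whether a shared cache may store this response.

    Only the Authorization question from the thread is modelled; every
    other storability condition is assumed to be satisfied already.
    """
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control", ""))

    # Explicit restrictions always win for a shared cache, even when a
    # permissive directive such as "public" appears beside them.
    if "private" in cc or "no-store" in cc:
        return False

    if "authorization" in req:
        # Implied default is "private": the response stays out of the
        # shared cache unless the origin explicitly overrides the default.
        return any(directive in cc for directive in overrides)

    # No credentials on the request: nothing in this rule forbids storing.
    return True


if __name__ == "__main__":
    auth = {"Authorization": "Basic PLACEHOLDER"}  # constructed sample request
    for header in ("", "public", "s-maxage=100000",
                   "private, public, s-maxage=100000"):
        print(repr(header), shared_cache_may_store(auth, {"Cache-Control": header}))
```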

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:20 GMT