On Jun 8, 2010, at 12:08 AM, Henrik Nordström wrote: > mån 2010-06-07 klockan 19:40 -0700 skrev Roy T. Fielding: >> Wouldn't it be easier to just say Authorization implies >> "Cache-control: private" unless explicitly given otherwise? > > What is "explicitly given otherwise"? There is no directive which > explicitly negates private. Cache-Control directives all adds up to the > status of the response, restricting the bounds of caching or softly > extending it. There technically is no conflict in "Cache-Control: > private, public, s-maxage=100000" even if the "public, s-maxage=100000" > part is redundant. (private MUST NOT, public/s-max-age MAY) No, if "Cache-control: public" is given then it overrides any default in the protocol semantics. I meant that private is the new default for that response, not that private would appear in Cache-control. > I don't see how to get out of this without explicitly stating which > directives overrides the implicit "private". And referencing to the > authenticated state as an implicit "private" only adds confusion I > think, reducing the meaning of MUST NOT unless worded carefully. And I don't understand how that is confusing. Implicit == default. The only reason "public" exists is to override that default when, for whatever reason, the default is private or no-cache. ....RoyReceived on Tuesday, 8 June 2010 21:23:28 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:20 GMT