W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2011

Re: SHOULD-level requirements in p6-caching

From: Poul-Henning Kamp <phk@phk.freebsd.dk>
Date: Thu, 07 Apr 2011 09:35:33 +0000
To: Mark Nottingham <mnot@mnot.net>
cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <54318.1302168933@critter.freebsd.dk>
In message <90400372-C89F-4E9C-92F6-D8F1A6AAD631@mnot.net>, Mark Nottingham writes:

>In 2.5, 
>>    A cache that passes through requests with methods it does not
>>    understand SHOULD invalidate the effective request URI (Section 4.3
>>    of [Part1]).
>I'm not sure why this is a SHOULD when all of the other invalidation 
>side effects are MUST-level requirements. Can we raise this to a MUST as 

First off, what does "not understand" mean here ?

Does that cover a cache which goes "Ohh, POST, I don't do those:
pass it through" ?

Or does it only cover "XYZZY / HTTP/1.1" style requests ?

Second: Are we sure this complies with Principle Of Least Astonishment ?

Third: do we really want to give script kiddies their own private
standards-mandated cache-invalidation button ?

If anything, I would think it should be turned into a MUST NOT
requirement, reasoning that if you use privately defined requests,
you'd better think carefully about how that should work with client
side caches in the first place.

>In 3.2.1 (only-if-cached),
>>       If it receives this
>>       directive, a cache SHOULD either respond using a stored response
>>       that is consistent with the other constraints of the request, or
>>       respond with a 504 (Gateway Timeout) status code.

I must confess I have never understood this directive, nor been able to
come up with a non-hostile intent for using it.  Can anybody enlighten me ?

	"The only-if-cached request directive indicates that the client
	only wishes to return a stored response."

	s/return/receive/ ?

>In 3.3,
>>    A server SHOULD NOT send Expires dates more than one year in the
>>    future.

Why this policy restriction ?

Remove entirely ?

>In 3.4,
>>    When the no-cache directive is present in a request message, a cache
>>    SHOULD forward the request toward the origin server even if it has a
>>    stored copy of what is being requested.

Have you discussed the future of "Pragma:" before ?

I would like to see the text say that if there is a "Cache-Control:"
header "Pragma:" MUST be ignored, to resolve the possible conflicts
between them.

>In 3.5,
>>    A server SHOULD include a Vary header field with any cacheable
>>    response that is subject to server-driven negotiation.
>I can't decide if this needs to be a requirement; if it does, I think it 
>should be a MUST; if not, it should be prose. Thoughts?

This one is a nasty one.

Vary is a very crude mechanism in todays web, where objects are
customized to specific (browser, platform, extension) triplets.

For instance Varnish experience is that "Vary: User-Agent" reduces
cache hit rate by about two orders of magnitude.

Some sites "solve" this problem using a cookie instead.  However,
you cannot say "Vary: Cookie/my_idea_of_your_browser" to vary only
on a single cookie, so that doesn't really solve the cache problem.

This may be a good case for the geniuine SHOULD:  You really should,
unless you shouldn't because it breaks caching.

Related to this, we should think a moment about Google Analytics
here, since it tends to pollute all objects with Cookies, and "Vary:
Cookie" is implied (but not specified as I recall)

It would be incredibly beneficial for caching, if it were possible
to say "Vary: !Cookie" to indicate that the Cookies are not really
important anyway.


Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
Received on Thursday, 7 April 2011 09:35:58 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 1 October 2015 05:36:46 UTC