Re: #430 / #268 - definition of "public" from David Morris on 2013-01-30 (ietf-http-wg@w3.org from January to March 2013)

From: David Morris <dwm@xpasc.com>
Date: Wed, 30 Jan 2013 13:37:37 -0800 (PST)
cc: "'HTTP Working Group'" <ietf-http-wg@w3.org>
Message-ID: <alpine.LRH.2.01.1301301334410.28219@egate.xpasc.com>

On Wed, 30 Jan 2013, Roy T. Fielding wrote:
  
> Yes.  Generally speaking, if the origin server puts two mutually
> exclusive directives in the same header field, they want the
> recipient to apply the most lenient one to which they are fully
> compliant (i.e., the same principle we define for extensions).
> 
> If the origin server doesn't want that, then it doesn't send public.
> 
> I don't see anything vague about it (at least no more vague than the
> concept of caching itself).  And keep in mind that this is only a
> MAY for caches: they don't have to cache it; they have permission to.

Ummm ... that interpretation applied to a conflict in a privacy setting
makes no sense ... a conflcit regarding privacy and/or security must
always be resolved with the most restrictive directive.

Received on Wednesday, 30 January 2013 21:38:10 UTC