- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Tue, 09 Apr 96 15:18:40 MDT
- To: koen@win.tue.nl (Koen Holtman)
- Cc: http-caching@pa.dec.com
Koen suggests: The presence of ``must-revalidate'' must be seen as a signal by the service author that the service of which this resource is a part may fail to work correctly if the resource is not revalidated every time. Presence of ``must-revalidate'' instead of ``max-age=0'' indicates that the service author finds that, in case that revalidation is not possible, the return of a 504 (Gateway Timeout) error response is more desirable than the showing of an unvalidated response from cache with a warning. User agents SHOULD NOT disregard ``must-revalidate'' directives, except maybe if the user has indicated that there are exceptional constraints on the usage of network resources. Every time the revalidation of a response with a ``must-revalidate'' directive fails or is omitted, the user agent MUST explicitly warn the user of the fact that the service author indicated that this may cause the service accessed to work incorrectly. I think this is basically the right approach, but I'd reword it to be more prescriptive and somewhat more concise: Note: servers should send the ``must-revalidate'' directive if and only if failure to revalidate a request on the entity could result in significantly incorrect operation, such as a silently unexecuted financial transaction. Recipients MUST not take any automated action that violates this directive, and MUST not automatically provide an unvalidated copy of the entity if revalidation fails. Although this is not recommended, user agents operating under severe connectivity constraints may violate this directive but if so, MUST explicitly warn the user that an unvalidated response has been provided. The warning MUST be provided on each unvalidated access, and SHOULD require explicit user confirmation. -Jeff
Received on Tuesday, 9 April 1996 22:27:26 UTC