- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Tue, 09 Apr 96 15:18:40 MDT
- To: koen@win.tue.nl (Koen Holtman)
- Cc: http-caching@pa.dec.com
Koen suggests:
The presence of ``must-revalidate'' must be seen as a signal by the
service author that the service of which this resource is a part
may fail to work correctly if the resource is not revalidated every
time. Presence of ``must-revalidate'' instead of ``max-age=0''
indicates that the service author finds that, in case that
revalidation is not possible, the return of a 504 (Gateway Timeout)
error response is more desirable than the showing of an unvalidated
response from cache with a warning.
User agents SHOULD NOT disregard ``must-revalidate'' directives,
except maybe if the user has indicated that there are exceptional
constraints on the usage of network resources. Every time the
revalidation of a response with a ``must-revalidate'' directive
fails or is omitted, the user agent MUST explicitly warn the user
of the fact that the service author indicated that this may cause
the service accessed to work incorrectly.
I think this is basically the right approach, but I'd reword it
to be more prescriptive and somewhat more concise:
Note: servers should send the ``must-revalidate'' directive if and
only if failure to revalidate a request on the entity could result
in significantly incorrect operation, such as a silently unexecuted
financial transaction. Recipients MUST not take any automated
action that violates this directive, and MUST not automatically
provide an unvalidated copy of the entity if revalidation fails.
Although this is not recommended, user agents operating under
severe connectivity constraints may violate this directive but if
so, MUST explicitly warn the user that an unvalidated response has
been provided. The warning MUST be provided on each unvalidated
access, and SHOULD require explicit user confirmation.
-Jeff
Received on Tuesday, 9 April 1996 22:27:26 UTC