Re: "Cache-control: no-cache", "Cache-control: private", and extensibility

> Roy then managed to confuse me again by objecting to my proposal
> for "Cache-control: no-store" because it doesn't solve the
> eavesdropping problem, but I think this is an inconsistent position.

Sorry, I was thinking of the security issues that Lou brought up last
summer, and not anything like a CD-ROM archive.  I don't think it is
appropriate for cache-control to say anything beyond what is interesting
to a response cache.  I believe the PEP proposal has more to say about
things like what the recipient is allowed to do with a document
after it has been retrieved.

> Either the protocol spec says nothing about "storing" values, but
> confines itself to specifying when they may be "returned" from a
> cache ... or the spec DOES talk about when they can be stored, in
> which case it seems appropriate to give servers and users some
> control over this.

Like I said, the reason it says it currently is to prevent people from
wrongly assuming "no-cache" meant that the user is not allowed to save
the entity after viewing it.  It could do with some better wording.


 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/

Received on Tuesday, 20 February 1996 23:08:59 UTC