- From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
- Date: Tue, 20 Feb 1996 14:44:22 -0800
- To: Jeffrey Mogul <mogul@pa.dec.com>
- Cc: HTTP Caching Subgroup <http-caching@pa.dec.com>
> Roy then managed to confuse me again by objecting to my proposal > for "Cache-control: no-store" because it doesn't solve the > eavesdropping problem, but I think this is an inconsistent position. Sorry, I was thinking of the security issues that Lou brought up last summer, and not anything like a CD-ROM archive. I don't think it is appropriate for cache-control to say anything beyond what is interesting to a response cache. I believe the PEP proposal has more to say about things like what the recipient is allowed to do with a document after it has been retrieved. > Either the protocol spec says nothing about "storing" values, but > confines itself to specifying when they may be "returned" from a > cache ... or the spec DOES talk about when they can be stored, in > which case it seems appropriate to give servers and users some > control over this. Like I said, the reason it says it currently is to prevent people from wrongly assuming "no-cache" meant that the user is not allowed to save the entity after viewing it. It could do with some better wording. ...Roy T. Fielding Department of Information & Computer Science (fielding@ics.uci.edu) University of California, Irvine, CA 92717-3425 fax:+1(714)824-4056 http://www.ics.uci.edu/~fielding/
Received on Tuesday, 20 February 1996 23:08:59 UTC