- From: Roy T. Fielding <fielding@avron.ICS.UCI.EDU>
- Date: Tue, 20 Feb 1996 14:44:22 -0800
- To: Jeffrey Mogul <mogul@pa.dec.com>
- Cc: HTTP Caching Subgroup <http-caching@pa.dec.com>

> Roy then managed to confuse me again by objecting to my proposal
> for "Cache-control: no-store" because it doesn't solve the
> eavesdropping problem, but I think this is an inconsistent position.

Sorry, I was thinking of the security issues that Lou brought up last
summer, and not anything like a CD-ROM archive. I don't think it is
appropriate for cache-control to say anything beyond what is interesting
to a response cache. I believe the PEP proposal has more to say about
things like what the recipient is allowed to do with a document
after it has been retrieved.

> Either the protocol spec says nothing about "storing" values, but
> confines itself to specifying when they may be "returned" from a
> cache ... or the spec DOES talk about when they can be stored, in
> which case it seems appropriate to give servers and users some
> control over this.

Like I said, the reason it says it currently is to prevent people from
wrongly assuming "no-cache" meant that the user is not allowed to save
the entity after viewing it. It could do with some better wording.

...Roy T. Fielding
Department of Information & Computer Science (fielding@ics.uci.edu)
University of California, Irvine, CA 92717-3425 fax:+1(714)824-4056
http://www.ics.uci.edu/~fielding/
Received on Tuesday, 20 February 1996 23:08:59 UTC