Re: Cache-control: public

> Can I take it that we have a consensus on this:
> 
>     Cache-control: public
> 	means that a response including an Authorization: header
> 	may be returned from a cache entry, overriding the
> 	restriction of Section 10.6.

Actually, it is "a response to a request which included an Authorization
header field" -- the restriction in 10.6 would need to be updated.

> with the understanding that as the HTTP security model evolves,
> we may need to extend or modify this?

I suppose, but I can't think of any security model that would change it.

> With that in the specification, what (if any) meaning is
> left for "Cache-control: cachable"?  That is, how does a response
> containing this directive differ from a response not containing
> it?  Does "Cache-control: cachable" override other "do not cache"
> parts of the spec (other than section 10.6)?  Or was this the only
> intended purpose?

"public" would replace "cachable" -- it is simply a better name.
I think it would also override the non-cachable default on methods other
than GET and HEAD -- the current wording in draft 00 is too restrictive
in the method sections.

.....Roy

Received on Thursday, 11 January 1996 19:19:31 UTC
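
The reuse rule discussed in this message, as an added example (not part of the original message or of any HTTP draft text). The function and helper names are hypothetical, the sample headers are constructed, and the code models only the two points raised here: the Authorization restriction and the suggested override of the method default. All other cache directives are ignored.

```python
def parse_cache_control(value):
    """Return the set of lower-cased directive names in a Cache-control value."""
    directives = set()
    for part in (value or "").split(","):
        name = part.split("=", 1)[0].strip().lower()
        if name:
            directives.add(name)
    return directives


def get_header(headers, name):
    """Case-insensitive lookup; header field names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def shared_cache_may_reuse(method, request_headers, response_headers):
    """Decide whether a shared cache may return this response from a cache entry.

    Rule 1: a response to a request which included an Authorization header
            field is not reusable unless the response carries "public".
    Rule 2 (the reply's suggestion, treated here as an assumption): "public"
            also overrides the non-cachable default for methods other than
            GET and HEAD.
    Returns (allowed, reason).
    """
    directives = parse_cache_control(get_header(response_headers, "Cache-control"))
    public = "public" in directives
    if method.upper() not in ("GET", "HEAD") and not public:
        return (False, "method is not cachable by default")
    if get_header(request_headers, "Authorization") is not None and not public:
        return (False, "request carried Authorization, response is not public")
    return (True, "public override" if public else "cachable by default")


if __name__ == "__main__":
    # Constructed sample exchanges: (method, request headers, response headers)
    auth = {"Authorization": "Basic <credentials placeholder>"}
    for case in [
        ("GET", {}, {}),
        ("GET", auth, {}),
        ("GET", auth, {"Cache-control": "public"}),
        ("POST", {}, {"Cache-control": "public"}),
    ]:
        print(case[0], sorted(case[1]), case[2], "->", shared_cache_may_reuse(*case))
```

The case to watch in a shared cache is the second one: without "public", a response fetched with one user's credentials must not be served to a different requester.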