- From: Richard Gray <rlgray@us.ibm.com>
- Date: Mon, 13 Jul 1998 17:16:14 -0400
- To: http-wg@cuckoo.hpl.hp.com
Having read both http://www.ics.uci.edu/pub/ietf/http/draft-mogul-http-revalidate-01.txt, and the diff version of rev-03, I am now confused about the Cache-control revalidation directives, and their intended interaction with the Authorization mechanism. The text in 14.8 appears to allow me, as a proxy, to serve objects requiring authorization, without first validating the user's credentials, as long as the object is fresh. 14.9.4 seems to say that must-revalidate is not unconditional, but rather that it only requires revalidation if the object is stale. It further seems to say that proxy-revalidate can be used to require shared proxies to authenticate each user. So, an origin server should send both "proxy-revalidate" and "public" to force revalidation? If so, I think at the very least this should be added to the list in 14.8, and that proxies ought to be required to revalidate in this case. If not, I need educating. Thank You, Richard L. Gray will code for chocolate
Received on Tuesday, 14 July 1998 00:27:07 UTC