- From: Duane Wessels <wessels@ircache.net>
- Date: Wed, 19 Jul 2000 23:47:59 -0600
- To: http-wg@cuckoo.hpl.hp.com
I've been reading RFCs 2616 and 2617 about caching authenticated responses, and have possibly found some inconsistencies. #1. The very last sentence of Sec 14.9.4 (under proxy-revalidate) says: ``...such authenticated responses also need the public cache control directive in order to allow them to be cached at all'' Yet, Sec 14.8 lists three cache-control directives that allow a shared cache to reuse an authenticatd response: s-maxage, must-revalidate, and public. #2. If must-revalidate alone is enough to allow an authenticated response to be cached, and if proxy-revalidate is the same as must-revalidate for a shared cache, is proxy-revalidate alone enough to allow an authenticated response to be cached? If so, should proxy-revalidate be listed in section 14.8? #3. RFC 2617, Sec 3.2.2.5 says: when a shared cache ... has received a request containing an Authorization header and a response from relaying that request, it MUST NOT return that response as a reply to any other request, unless one of two Cache-Control (see section 14.9 of [RFC2616]) directives was present in the response. I believe this is referring to section 14.8, rather than 14.9, and "two" is not the right number? Finally, Sec 14.8 doesn't mention if a non-shared cache needs to treat an authenticated response specially. I assume that a non-shared cache can store and reuse an authenticated response by default. Should that be made explicit? Duane W.
Received on Wednesday, 19 July 2000 22:50:51 UTC