I've been reading RFCs 2616 and 2617 about caching authenticated responses, and have possibly found some inconsistencies. #1. The very last sentence of Sec 14.9.4 (under proxy-revalidate) says: ``...such authenticated responses also need the public cache control directive in order to allow them to be cached at all'' Yet, Sec 14.8 lists three cache-control directives that allow a shared cache to reuse an authenticatd response: s-maxage, must-revalidate, and public. #2. If must-revalidate alone is enough to allow an authenticated response to be cached, and if proxy-revalidate is the same as must-revalidate for a shared cache, is proxy-revalidate alone enough to allow an authenticated response to be cached? If so, should proxy-revalidate be listed in section 14.8? #3. RFC 2617, Sec 3.2.2.5 says: when a shared cache ... has received a request containing an Authorization header and a response from relaying that request, it MUST NOT return that response as a reply to any other request, unless one of two Cache-Control (see section 14.9 of [RFC2616]) directives was present in the response. I believe this is referring to section 14.8, rather than 14.9, and "two" is not the right number? Finally, Sec 14.8 doesn't mention if a non-shared cache needs to treat an authenticated response specially. I assume that a non-shared cache can store and reuse an authenticated response by default. Should that be made explicit? Duane W.Received on Wednesday, 19 July 2000 22:50:51 UTC
This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:07 UTC