W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2000

Questions (errata?) about caching authenticated responses

From: Duane Wessels <wessels@ircache.net>
Date: Wed, 19 Jul 2000 23:47:59 -0600
To: http-wg@cuckoo.hpl.hp.com
Message-ID: <Pine.SGI.4.10.10007192325560.19376-100000@surf.ircache.net>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/811
I've been reading RFCs 2616 and 2617 about caching authenticated
responses, and have possibly found some inconsistencies.

#1.     The very last sentence of Sec 14.9.4 (under proxy-revalidate)
	says: ``...such authenticated responses also need the public
	cache control directive in order to allow them to be cached at

	Yet, Sec 14.8 lists three cache-control directives that allow a
	shared cache to reuse an authenticatd response: s-maxage,
	must-revalidate, and public.

#2.	If must-revalidate alone is enough to allow an authenticated
	response to be cached, and if proxy-revalidate is the same
	as must-revalidate for a shared cache, is proxy-revalidate
	alone enough to allow an authenticated response to be cached?

	If so, should proxy-revalidate be listed in section 14.8?

#3.	RFC 2617, Sec says:

	    when a shared cache ... has received a request containing
	    an Authorization header and a response from relaying that
	    request, it MUST NOT return that response as a reply to any
	    other request, unless one of two Cache-Control (see section
	    14.9 of [RFC2616]) directives was present in the response.

	I believe this is referring to section 14.8, rather than 14.9,
	and "two" is not the right number?

Finally, Sec 14.8 doesn't mention if a non-shared cache needs to treat
an authenticated response specially.  I assume that a non-shared
cache can store and reuse an authenticated response by default.
Should that be made explicit?

Duane W.
Received on Wednesday, 19 July 2000 22:50:51 UTC

This archive was generated by hypermail 2.4.0 : Thursday, 2 February 2023 18:43:07 UTC