W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2005

Re: does no-store request invalidate?

From: Jeffrey Mogul <Jeff.Mogul@hp.com>
Date: Wed, 27 Jul 2005 14:38:47 -0700
Message-Id: <200507272138.j6RLclHA025876@wera.hpl.hp.com>
To: Alex Rousskov <rousskov@measurement-factory.com>
Cc: ietf-http-wg@w3.org

    Responses to HTTP requests with "Cache-control: no-store" are not
    cachable. Recently, we came across a cache that does not cache responses
    to no-store requests but also does not invalidate an older cached entity
    with the same URL. When future requests stop using no-store, the old
    cached entity is served.
    For example, the following happens in our test case:
      1. Client requests an entity A without using no-store.
      2. Cache proxies the transaction and caches the response (entity A).
      3. Client requests the same entity A using "Cache-control: no-store".
      4. Cache proxies the transaction and does NOT cache the response.
      5. Client requests the same entity A again, without using no-store.
      6. Cache serves the "old" entity A cached in step #2 above.
    Does the cache violate the intent of RFC 2616 in step #6? If yes, should
    that intent be made explicit (I cannot find any explicit rules
    prohibiting the above behavior)? 
I guess I share a big part of the responsibility for not getting
this issue clear in RFC2616.  To be honest, it's an unusual case;
all of the other cache-control directives are there to allow the
clients and servers to manipulate the externally-visible behavior
of a cache, and so it should be possible to work out the desired
behavior from the basic principles in section 13, especially these:

   Requirements for performance, availability, and disconnected
   operation require us to be able to relax the goal of semantic
   transparency. The HTTP/1.1 protocol allows origin servers, caches,
   and clients to explicitly reduce transparency when necessary.
   However, because non-transparent operation may confuse non-expert
   users, and might be incompatible with certain server applications
   (such as those for ordering merchandise), the protocol requires that
   transparency be relaxed

      - only by an explicit protocol-level request when relaxed by
        client or origin server

      - only with an explicit warning to the end user when relaxed by
        cache or client

However, no-store really has nothing to do with externally-visible
behavior, since there are other ways to get exactly the same
behavior (e.g., "cache-control: must-revalidate" in a response,
or "cache-control: no-cache" in a request).  The only reason
no-store was added to the protocol was to avoid "accidental
releases of information via unanticipated accesses to cache
data structures".  So it is really hard to figure out what it
is supposed to do for externally-visible behavior, since the
"intent" was that it would not be used to influence behavior!

Note that 13.1.1 (Cache Correctness) says

   A correct cache MUST respond to a request with the most up-to-date
   response held by the cache that is appropriate to the request (see
   sections 13.2.5, 13.2.6, and 13.12) which meets one of the following

I think the "principle of least astonishment" (as Dave Mills would
say) is that step #6 in Alex's example does not match an obvious
interpretation of "most up-to-date response ... that is appropriate
to the request", but on the other hand, I don't see anything in
RFC2616 that specifically prohibits step #6.

Overall, I would say that anyone who relies on externally-visible
behavior that is a specific side-effect of using no-store in
a request is making a mistake.   A client or server implementor
should use other cache-control directives to fully define the
visible behavior of caches.

This leaves open the denial-of-caching issue that Mark Nottingham
raised (i.e. an issue for implementors of shared proxy caches).
I think one has to make a judgement call here about whether there
is a significant risk of clients removing cache entries for each
other, and balance that against the possibility that a client
could end up with an out-of-date cached response (which seems
to me to be more likely to result in serious consequences).

One should note that the "editorial group" that ultimately was
responsible for the text of RFC2616 made an explicit decision
not to try to anticipate and define behavior for every possible
combination of HTTP request and response elements.  In the case
that Alex raises, we probably lacked any "intent" at all.

Received on Wednesday, 27 July 2005 21:39:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:13:26 UTC