- From: Roy T. Fielding <fielding@gbiv.com>
- Date: Tue, 8 Jun 2010 14:22:57 -0700
- To: Henrik Nordström <henrik@henriknordstrom.net>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Jun 8, 2010, at 12:08 AM, Henrik Nordström wrote: > mån 2010-06-07 klockan 19:40 -0700 skrev Roy T. Fielding: >> Wouldn't it be easier to just say Authorization implies >> "Cache-control: private" unless explicitly given otherwise? > > What is "explicitly given otherwise"? There is no directive which > explicitly negates private. Cache-Control directives all adds up to the > status of the response, restricting the bounds of caching or softly > extending it. There technically is no conflict in "Cache-Control: > private, public, s-maxage=100000" even if the "public, s-maxage=100000" > part is redundant. (private MUST NOT, public/s-max-age MAY) No, if "Cache-control: public" is given then it overrides any default in the protocol semantics. I meant that private is the new default for that response, not that private would appear in Cache-control. > I don't see how to get out of this without explicitly stating which > directives overrides the implicit "private". And referencing to the > authenticated state as an implicit "private" only adds confusion I > think, reducing the meaning of MUST NOT unless worded carefully. And I don't understand how that is confusing. Implicit == default. The only reason "public" exists is to override that default when, for whatever reason, the default is private or no-cache. ....Roy
Received on Tuesday, 8 June 2010 21:23:28 UTC