- From: Thomson, Martin <Martin.Thomson@commscope.com>
- Date: Tue, 3 May 2011 10:16:15 +0800
- To: Mark Nottingham <mnot@mnot.net>
- CC: httpbis mailing list <ietf-http-wg@w3.org>
On 2011-05-03 at 11:47:45, Mark Nottingham wrote: > On 03/05/2011, at 11:10 AM, Thomson, Martin wrote: > > > Does the value of the Cache-Control header have any bearing on whether > > something is logged? > > Nope. > > I suppose you could read Cache-Control: no-store has having those > semantics, but it doesn't in any implementation I'm aware of. Perhaps > we need to clarify that. With my privacy nut hat on, it would be nice if that could be added. It's certainly consistent with the definition of no-store. I'm not expecting the guidance to have any teeth, nor for it to have any impact on implementations, but there's a definite advantage to having text to that effect. There is the question about non-caching intermediaries that might otherwise perform logging. They aren't always going to look at Cache-Control unless they need to (for no-transform), so a caveat along the lines of "this is NOT a reliable or sufficient mechanism" might need to be added for this. That leaves me with (for p6, S3.2.1 & S3.2.2): An intermediary that performs logging (whether or not it implements a cache) MUST NOT perform logging for requests or responses with a no-store directive. --Martin
Received on Tuesday, 3 May 2011 02:16:49 UTC