- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 3 May 2011 12:23:16 +1000
- To: "Thomson, Martin" <Martin.Thomson@commscope.com>
- Cc: httpbis mailing list <ietf-http-wg@w3.org>
On 03/05/2011, at 12:16 PM, Thomson, Martin wrote: > On 2011-05-03 at 11:47:45, Mark Nottingham wrote: >> On 03/05/2011, at 11:10 AM, Thomson, Martin wrote: >> >>> Does the value of the Cache-Control header have any bearing on whether >>> something is logged? >> >> Nope. >> >> I suppose you could read Cache-Control: no-store has having those >> semantics, but it doesn't in any implementation I'm aware of. Perhaps >> we need to clarify that. > > With my privacy nut hat on, it would be nice if that could be added. It's certainly consistent with the definition of no-store. > > I'm not expecting the guidance to have any teeth, nor for it to have any impact on implementations, but there's a definite advantage to having text to that effect. > > There is the question about non-caching intermediaries that might otherwise perform logging. They aren't always going to look at Cache-Control unless they need to (for no-transform), so a caveat along the lines of "this is NOT a reliable or sufficient mechanism" might need to be added for this. > > That leaves me with (for p6, S3.2.1 & S3.2.2): > > An intermediary that performs logging (whether or not it implements a cache) MUST NOT perform logging for requests or responses with a no-store directive. The problem is that a) this will make lots of existing implementations non-conformant, and b) people will start emitting no-store everywhere to control logging, killing caching in the process. I'm afraid the horse has already bolted here... Cheers, -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 3 May 2011 02:23:48 UTC