Re: Does no-store in request imply no-cache? [#249] from Alex Rousskov on 2011-02-04 (ietf-http-wg@w3.org from January to March 2011)

From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Fri, 04 Feb 2011 10:42:03 -0700
To: Mark Nottingham <mnot@mnot.net>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <4D4C3A6B.7010909@measurement-factory.com>
On 02/03/2011 09:13 PM, Mark Nottingham wrote:
> Ah -- sorry, I cut/pasted the wrong text (we've split the definitions of the request and response directives in p6).
> 
> Revision:
> 
> Current:
> 
> """
> The no-store request directive indicates that a cache MUST NOT store any part of either this request or any response to it. This directive applies to both non-shared and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it.
> 
> This directive is NOT a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping.
> """
> 
> Proposal:
> 
> """
> The no-store request directive indicates that a cache MUST NOT store any part of either this request or any response to it. This directive applies to both non-shared and shared caches. "MUST NOT store" in this context means that the cache MUST NOT intentionally store the information in non-volatile storage, and MUST make a best-effort attempt to remove the information from volatile storage as promptly as possible after forwarding it.
> 
> This directive is NOT a reliable or sufficient mechanism for ensuring privacy. In particular, malicious or compromised caches might not recognize or obey this directive, and communications networks might be vulnerable to eavesdropping.
> 
> Note that if a request containing this directive is satisfied from a cache, it does not apply to the already stored response.
> """

I would still replace the last "it" as it is not 100% clear what it
refers to:

"""
Note that if a request containing this directive is satisfied from a
cache, the no-store request directive does not apply to the already
stored response.
"""

Which actually reads a little backwards because if the request is
satisfied from a cache, the proxy obviously thinks the no-store does not
apply! Consider this simplification:

"""
The server MAY ignore the no-store request directive when satisfying a
request from a cache.
"""

Thank you,

Alex.


> On 04/02/2011, at 3:22 AM, Alex Rousskov wrote:
> 
>> On 02/02/2011 10:46 PM, Mark Nottingham wrote:
>>> Current text:
>>
>>> """
>>> no-store
>>>
>>> The no-store response directive indicates that a cache MUST NOT store
>>> any part of either the immediate request or response. This directive
>>> applies to both non-shared and shared caches. "MUST NOT store" in
>>> this context means that the cache MUST NOT intentionally store the
>>> information in non-volatile storage, and MUST make a best-effort
>>> attempt to remove the information from volatile storage as promptly
>>> as possible after forwarding it.
>>>
>>> This directive is NOT a reliable or sufficient mechanism for ensuring
>>> privacy. In particular, malicious or compromised caches might not
>>> recognize or obey this directive, and communications networks might
>>> be vulnerable to eavesdropping.
>>>
>>> """
>>
>>
>>> Proposal:
>>>
>>> """
>>> no-store
>>>
>>> The no-store response directive indicates that a cache MUST NOT store
>>> any part of either the immediate request or response. This directive
>>> applies to both non-shared and shared caches. "MUST NOT store" in
>>> this context means that the cache MUST NOT intentionally store the
>>> information in non-volatile storage, and MUST make a best-effort
>>> attempt to remove the information from volatile storage as promptly
>>> as possible after forwarding it.
>>>
>>> This directive is NOT a reliable or sufficient mechanism for ensuring
>>> privacy. In particular, malicious or compromised caches might not
>>> recognize or obey this directive, and communications networks might
>>> be vulnerable to eavesdropping.
>>>
>>> Note that if a request containing this directive is satisfied from a
>>> cache, it does not apply to the already stored response.
>>> """
>>
>>
>> The "no-store response directive" opening of the first paragraph may
>> mislead the reader that the last two paragraphs apply only to no-store
>> in responses, especially since those paragraphs contain such vague
>> references as "this directive" and "it".
>>
>> How about moving the first paragraph down, making it the last of the
>> three paragraphs above? After all, the last two paragraphs apply to both
>> requests and responses. Or perhaps replace "this" and "it" references
>> with something more specific like "The no-store request or response
>> directive" and "the no-store request directive".
>>
>> Thank you,
>>
>> Alex.
>>
>>
>>
>>
>>> On 18/10/2010, at 3:07 PM, Mark Nottingham wrote:
>>>
>>>> Now #249:
>>>> http://trac.tools.ietf.org/wg/httpbis/trac/ticket/249
>>>>
>>>>
>>>> On 18/10/2010, at 10:53 AM, Mark Nottingham wrote:
>>>>
>>>>> Thoughts re: the below?
>>>>>
>>>>> My inclination is to clarify "any response to it" so that a cache can use the same cached response to serve multiple requests with no-store in them (or not). 
>>>>>
>>>>> Cheers,
>>>>>
>>>>>
>>>>> Begin forwarded message:
>>>>>
>>>>>> From: Alex Rousskov <rousskov@measurement-factory.com>
>>>>>> Date: 23 September 2010 9:47:57 AM AEST
>>>>>> To: Mark Nottingham <mnot@yahoo-inc.com>
>>>>>> Cc: Squid Developers <squid-dev@squid-cache.org>
>>>>>> Subject: Re: Does no-store in request imply no-cache?
>>>>>>
>>>>>> On 09/22/2010 05:05 PM, Mark Nottingham wrote:
>>>>>>
>>>>>>> Strictly, as a request directive it means "you can't store the
>>>>>>> response to this request" -- it says nothing about whether or not you
>>>>>>> can satisfy the request from a cache.
>>>>>>
>>>>>> Hi Mark,
>>>>>>
>>>>>> Let's assume the above is correct and Squid satisfied the no-store 
>>>>>> request from the cache. Should Squid purge the cached response afterwards?
>>>>>>
>>>>>> If Squid does not purge, the next regular request will get the same 
>>>>>> cached response as the no-store request got, kind of violating the "MUST 
>>>>>> NOT store any response to it" no-store requirement.
>>>>>>
>>>>>> If Squid purges, it is kind of silly because earlier requests could have 
>>>>>> gotten the same "sensitive" information before the no-store request came 
>>>>>> and declared the already cached information "sensitive".
>>>>>>
>>>>>> Thank you,
>>>>>>
>>>>>> Alex.
>>>>>>
>>>>>>
>>>>>>> See also:
>>>>>>> http://tools.ietf.org/html/draft-ietf-httpbis-p6-cache-11#section-3.2.1
>>>>>>>
>>>>>>>
>>>>>>> On 23/09/2010, at 4:27 AM, Alex Rousskov wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> One interpretation of RFC 2616 allows the proxy to serve hits when
>>>>>>>> the request contains "Cache-Control: no-store". Do you think such an
>>>>>>>> interpretation is valid?
>>>>>>>>
>>>>>>>> no-store
>>>>>>>>   The purpose of the no-store directive is to prevent the
>>>>>>>>   inadvertent release or retention of sensitive information (for
>>>>>>>>   example, on backup tapes). The no-store directive applies to the
>>>>>>>>   entire message, and MAY be sent either in a response or in a
>>>>>>>>   request. If sent in a request, a cache MUST NOT store any part of
>>>>>>>>   either this request or any response to it.
>>>>>>>>
>>>>>>>> Thank you,
>>>>>>>>
>>>>>>>> Alex.
>>>>>
>>>>> --
>>>>> Mark Nottingham   http://www.mnot.net/
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Mark Nottingham   http://www.mnot.net/
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Mark Nottingham   http://www.mnot.net/
>>>
>>>
>>
> 
> --
> Mark Nottingham   http://www.mnot.net/
> 
> 
>
Received on Friday, 4 February 2011 17:42:40 UTC