Re: #430 / #268 - definition of "public" from Patrick McManus on 2013-01-31 (ietf-http-wg@w3.org from January to March 2013)

From: Patrick McManus <pmcmanus@mozilla.com>
Date: Thu, 31 Jan 2013 11:10:50 +0900
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <CAOdDvNoEYBVz7HKK7LMLKBWZgX6JKvLJwNXhG63nGYjovT2B9g@mail.gmail.com>

On Thu, Jan 31, 2013 at 6:37 AM, David Morris <dwm@xpasc.com> wrote:

>
>
> On Wed, 30 Jan 2013, Roy T. Fielding wrote:
>
> > Yes.  Generally speaking, if the origin server puts two mutually
> > exclusive directives in the same header field, they want the
> > recipient to apply the most lenient one to which they are fully
> > compliant (i.e., the same principle we define for extensions).
> >
> > If the origin server doesn't want that, then it doesn't send public.
> >
> > I don't see anything vague about it (at least no more vague than the
> > concept of caching itself).  And keep in mind that this is only a
> > MAY for caches: they don't have to cache it; they have permission to.
>
> Ummm ... that interpretation applied to a conflict in a privacy setting
> makes no sense ... a conflcit regarding privacy and/or security must
> always be resolved with the most restrictive directive.
>
>
+1 - imo if someone put no-mumble on the response that's the strongest
signal due to privacy/security even in a mess of mixed signals.

Received on Thursday, 31 January 2013 02:11:18 UTC