- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Thu, 31 Jan 2013 11:12:26 +0900
- To: HTTP Working Group <ietf-http-wg@w3.org>

On 31 January 2013 06:37, David Morris <dwm@xpasc.com> wrote:
>
>
> On Wed, 30 Jan 2013, Roy T. Fielding wrote:
>
>> Yes. Generally speaking, if the origin server puts two mutually
>> exclusive directives in the same header field, they want the
>> recipient to apply the most lenient one to which they are fully
>> compliant (i.e., the same principle we define for extensions).
>>
>> If the origin server doesn't want that, then it doesn't send public.
>>
>> I don't see anything vague about it (at least no more vague than the
>> concept of caching itself). And keep in mind that this is only a
>> MAY for caches: they don't have to cache it; they have permission to.
>
> Ummm ... that interpretation applied to a conflict in a privacy setting
> makes no sense ... a conflict regarding privacy and/or security must
> always be resolved with the most restrictive directive.

I agree with David here. I like determinism, but this particular choice is the least likeable option of those that are available. In resolving an ambiguity, the safest choice is to choose the *least* liberal caching/sharing option.

That said, we have to respect what actually happens in actual caches. If this is the current behavior, then let's document that.

Received on Thursday, 31 January 2013 02:12:55 UTC