IETF Logo Mail Archive

Re: dont-revalidate Cache-Control header

Mark Nottingham <mnot@mnot.net> Thu, 16 July 2015 10:02 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1CAB1A8912 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 16 Jul 2015 03:02:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.912
X-Spam-Level:
X-Spam-Status: No, score=-6.912 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ac6hHNLyMh3F for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Thu, 16 Jul 2015 03:02:47 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D27361A8911 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Thu, 16 Jul 2015 03:02:47 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ZFfyA-0001Y3-QD for ietf-http-wg-dist@listhub.w3.org; Thu, 16 Jul 2015 10:00:46 +0000
Resent-Date: Thu, 16 Jul 2015 10:00:46 +0000
Resent-Message-Id: <E1ZFfyA-0001Y3-QD@frink.w3.org>
Received: from lisa.w3.org ([128.30.52.41]) by frink.w3.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <mnot@mnot.net>) id 1ZFfy7-0001Vb-Qu for ietf-http-wg@listhub.w3.org; Thu, 16 Jul 2015 10:00:43 +0000
Received: from mxout-07.mxes.net ([216.86.168.182]) by lisa.w3.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from <mnot@mnot.net>) id 1ZFfy5-0007Tr-Uk for ietf-http-wg@w3.org; Thu, 16 Jul 2015 10:00:43 +0000
Received: from [37.9.98.236] (unknown [89.246.67.118]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 0547C22E271; Thu, 16 Jul 2015 06:00:15 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <CABgOVaKLx-YrNM0XQ8LMvTYq9vsANeqEkSdj+qYpCQjDGXvLtQ@mail.gmail.com>
Date: Thu, 16 Jul 2015 12:00:14 +0200
Cc: Guille -bisho- <bishillo@gmail.com>, Amos Jeffries <squid3@treenet.co.nz>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <61E464B4-FED2-4DDB-B576-E4F625380A5F@mnot.net>
References: <CABgOVaLHBb4zcgvO4NUUmAzUjNkocBGYY3atFA9iuYyoLaLQsA@mail.gmail.com> <559F9E90.4020801@treenet.co.nz> <CABgOVaLG6QZyjqk2AGYupShST_u3ty9BpxUcPX+_yMEC1hyHAQ@mail.gmail.com> <961203FE-7E54-410F-923E-71C04914CD2E@mnot.net> <CABgOVaJxntEyT0v4GvWm0Qi9jbUPEnzxJgg4KyQSM1T_gN1mjQ@mail.gmail.com> <16407353-5C34-42E8-81A6-E0027EC3A0D0@mnot.net> <CABgOVa+C48yYp-ZkawY+Ho6pXONa_UfB0MVt_2+d0ejyESu2Pw@mail.gmail.com> <CAMSE37sqDmSstH7sDVYUgDCRB6hxi3X2b5MH27ORaYXm-aYwLw@mail.gmail.com> <BB0055C4-8042-45E9-A73A-3A8003B3224D@mnot.net> <CABgOVaKLx-YrNM0XQ8LMvTYq9vsANeqEkSdj+qYpCQjDGXvLtQ@mail.gmail.com>
To: Ben Maurer <ben.maurer@gmail.com>
X-Mailer: Apple Mail (2.2102)
Received-SPF: pass client-ip=216.86.168.182; envelope-from=mnot@mnot.net; helo=mxout-07.mxes.net
X-W3C-Hub-Spam-Status: No, score=-8.9
X-W3C-Hub-Spam-Report: AWL=0.676, BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_DB=-1, W3C_IRA=-1, W3C_IRR=-3, W3C_WL=-1
X-W3C-Scan-Sig: lisa.w3.org 1ZFfy5-0007Tr-Uk 873f4acae76da6e03a32c72c24a5c3cb
X-Original-To: ietf-http-wg@w3.org
Subject: Re: dont-revalidate Cache-Control header
Archived-At: <http://www.w3.org/mid/61E464B4-FED2-4DDB-B576-E4F625380A5F@mnot.net>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/29970
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Note:
  http://httpwg.github.io/specs/rfc7234.html#incomplete.responses

Cheers,


> On 16 Jul 2015, at 11:56 am, Ben Maurer <ben.maurer@gmail.com> wrote:
> 
> To take this a step further, it's really critical that UAs do not cache resources in any situation where the connection is closed or aborted prior to receiving the full Content-Length number of bytes or the terminal chunk in chunked encoding. There's no good way for a user to fix this kind of situation other than clearing their cache -- if they refresh with ctrl+r, they would generally get a 304 on the resource. We actually went through a round of testing this behavior at FB while we were tracking down a bug, but I'm struggling to find our results since it was a long time ago.
> 
> Servers should probably not send long expiration headers on a connection that is delimited by connection close unless they are able to send a Content-Length header. In practice we haven't seen this be an issue because nearly all UAs are able to get chunked responses.
> 
> -b
> 
> On Thu, Jul 16, 2015 at 10:25 AM, Mark Nottingham <mnot@mnot.net> wrote:
> 
> > On 15 Jul 2015, at 7:13 pm, Guille -bisho- <bishillo@gmail.com> wrote:
> >
> >
> > On Tue, Jul 14, 2015 at 5:36 AM, Ben Maurer <ben.maurer@gmail.com> wrote:
> > static
> >
> > If corruption is still a concern (not sure if it is because https will give us better integrity guarantees), what about an optional checksum? static=<type>:<hash> like static=SHA1:###... ?
> >
> > That could help preventing corruption for items that are going to stay in cache forever. It doesn't need to be mandatory neither on origin nor clients to validate it, but intermediate proxies/browsers can be more sure that the content they are storing is non-corrupted.
> 
> At the least, we should have language to the effect that this directive (however conveyed) is only valid if the response is complete, and connection close was NOT used to delimit the response.
> 
> 
> 
> --
> Mark Nottingham   https://www.mnot.net/
> 
> 
> 
> 
> 

--
Mark Nottingham   https://www.mnot.net/

v2.23.0 | Report a Bug | By Email