Why should caches and intermediaries ignore If-Match?

Tom Bergan <tombergan@chromium.org> Wed, 15 February 2017 23:46 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FC94129BEE for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 15 Feb 2017 15:46:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.501
X-Spam-Level:
X-Spam-Status: No, score=-6.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_SORBS_SPAM=0.5, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=chromium.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OEx_1hRGpBdT for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 15 Feb 2017 15:46:46 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32963129BEA for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 15 Feb 2017 15:46:46 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ce9En-0006vQ-PO for ietf-http-wg-dist@listhub.w3.org; Wed, 15 Feb 2017 23:43:53 +0000
Resent-Date: Wed, 15 Feb 2017 23:43:53 +0000
Resent-Message-Id: <E1ce9En-0006vQ-PO@frink.w3.org>
Received: from titan.w3.org ([128.30.52.76]) by frink.w3.org with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <tombergan@chromium.org>) id 1ce9Ei-0006qw-OQ for ietf-http-wg@listhub.w3.org; Wed, 15 Feb 2017 23:43:48 +0000
Received: from mail-wm0-f52.google.com ([74.125.82.52]) by titan.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <tombergan@chromium.org>) id 1ce9Ec-0007S1-HA for ietf-http-wg@w3.org; Wed, 15 Feb 2017 23:43:43 +0000
Received: by mail-wm0-f52.google.com with SMTP id c85so54346198wmi.1 for <ietf-http-wg@w3.org>; Wed, 15 Feb 2017 15:43:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:from:date:message-id:subject:to; bh=SLDPlyZGsy57r/q/7TQQa7r1lbsOAv8UkOr90lqEvs4=; b=BSW/2FLIGkZbSJtgG703FwDKtQV54Gn3T+Nd70b+r45ysqXH6ZYmDHPHyrM5OrUxVN Y/lc0tNO+Lh8HzCFNRttYqqz3KKXMIikUUMXqqRK8XtZFezlhlFyCk/s4Jviop2QaTNh MC6P5ptuMX7AMjQV5ewROlRfiOTIZBV1ov5bU=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=SLDPlyZGsy57r/q/7TQQa7r1lbsOAv8UkOr90lqEvs4=; b=jYIrqB4vZuF7vgcvM+o5pled5aE3/noqlBxAJ5QTdPTZ0vSKXoFL89x1sJHXP7LK+T fIWmqRL337MpepQ3J5wvcNJFJlQCh2vFZregmol9lsBzJCFtZ9+2cylyxqBf/EgBPAF6 3oywjOKw4rDd+uE70Aj650ZW537FJz796+uuSR4YIO7Q21f6XlBhGWjOV5XT8gNT+g+v aOgw8mEmSKIWIPmmGYG5wHGHK7585IgVrzZXCm4q+YKJoikqB29+ZdMtOLFB0Y1KaTTu CABq1oXA3PhwwO+F2VYsacxkphaNEzQuw4Ku4xqUrE2S87DL6Z5S6tUC3ko9TVbusBx5 J9mQ==
X-Gm-Message-State: AMke39lcYyqZYrU1VqGClQYwz71f14IZxsnCbUESfcXaPjOlcMMxoqIfU36sUqocc8NfApqQ
X-Received: by 10.28.223.6 with SMTP id w6mr10272920wmg.17.1487202195669; Wed, 15 Feb 2017 15:43:15 -0800 (PST)
Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com. [74.125.82.48]) by smtp.gmail.com with ESMTPSA id u198sm1186561wmf.9.2017.02.15.15.43.14 for <ietf-http-wg@w3.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 15 Feb 2017 15:43:14 -0800 (PST)
Received: by mail-wm0-f48.google.com with SMTP id c85so54345892wmi.1 for <ietf-http-wg@w3.org>; Wed, 15 Feb 2017 15:43:14 -0800 (PST)
X-Received: by 10.28.215.206 with SMTP id o197mr9310893wmg.31.1487202194060; Wed, 15 Feb 2017 15:43:14 -0800 (PST)
MIME-Version: 1.0
Received: by 10.28.135.201 with HTTP; Wed, 15 Feb 2017 15:43:13 -0800 (PST)
From: Tom Bergan <tombergan@chromium.org>
Date: Wed, 15 Feb 2017 15:43:13 -0800
X-Gmail-Original-Message-ID: <CA+3+x5FgdfAQ4Nos9VTGe35RiH8Z+3zZiUGH_bKXHz+VO+UAbQ@mail.gmail.com>
Message-ID: <CA+3+x5FgdfAQ4Nos9VTGe35RiH8Z+3zZiUGH_bKXHz+VO+UAbQ@mail.gmail.com>
To: HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="001a11468e107ce24705489a3e8d"
Received-SPF: pass client-ip=74.125.82.52; envelope-from=tombergan@chromium.org; helo=mail-wm0-f52.google.com
X-W3C-Hub-Spam-Status: No, score=-2.4
X-W3C-Hub-Spam-Report: AWL=1.150, BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_SORBS_SPAM=0.5, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1ce9Ec-0007S1-HA eb393add0dd41e5af8def3beaa06461d
X-Original-To: ietf-http-wg@w3.org
Subject: Why should caches and intermediaries ignore If-Match?
Archived-At: <http://www.w3.org/mid/CA+3+x5FgdfAQ4Nos9VTGe35RiH8Z+3zZiUGH_bKXHz+VO+UAbQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/33545
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

RFC 7232 Section 3.1 says:

> The If-Match header field can be ignored by caches and intermediaries
> because it is not applicable to a stored response.

RFC 7234 Section 4.3.2 says the same thing:

> The If-Match ... conditional header fields are not applicable to a cache.

Why?

Suppose the client sends a GET request with If-Match: "A". This request is
first sent to an HTTP cache. Suppose the requested resource is cached, and
suppose the cache ignores the If-Match header as suggested above. If the
cache has version "B" cached, not version "A", the cache will return a 2xx
with ETag: "B". This behavior is surprising and seems to contradict the
following statement from RFC 7232 Section 3.1:

> [If-Match] can also be used with safe
> methods to abort a request if the selected representation does not
> match one already stored (or partially stored) from a prior request.

I am trying to use If-Match for exactly this reason.

I understand why a cache would not generate 412s. The cache is not
authoritative for the resource and 412 implies authority. But, it seems
like the cache should never respond with an ETag that is disallowed by
If-Match, and if the cache does not have an allowed ETag, then the request
should be forwarded to the origin. Does that sound right?