Re: Does no-store in request imply no-cache?

From: Mark Nottingham <mnot_at_yahoo-inc.com>
Date: Wed, 22 Sep 2010 17:18:34 -0700

On 23/09/2010, at 9:47 AM, Alex Rousskov wrote:
>
> Hi Mark,
>
> Let's assume the above is correct and Squid satisfied the no-store request from the cache. Should Squid purge the cached response afterwards?
>
> If Squid does not purge, the next regular request will get the same cached response as the no-store request got, kind of violating the "MUST NOT store any response to it" no-store requirement.

Sort of, but not really. I agree this could be worded better; we'll work on it.

> If Squid purges, it is kind of silly because earlier requests could have gotten the same "sensitive" information before the no-store request came and declared the already cached information "sensitive".

Agreed.

This has been discussed in the WG before (can't remember the ref); basically, it boiled down to each request being independent; you don't want requests affecting other ones (beyond anything, it's a security issue if you allow clients to purge your cache indiscriminately).

--
Mark Nottingham       mnot_at_yahoo-inc.com
Received on Thu Sep 23 2010 - 00:18:57 MDT
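
Added example, not part of the original message and not Squid's code: a minimal Python model of the behaviour discussed in this thread, where a no-store request may be answered from the cache, its own response is never stored, and it does not purge an existing entry. The names `SharedCache`, `handle` and `run_demo` and the URLs are assumptions made for illustration; freshness, validation and response headers are left out.

```python
# Constructed model of a shared cache; not Squid's code. Freshness, validation
# and response headers are deliberately ignored.

def directives(cache_control):
    """Return the lowercase directive names in a Cache-Control header value."""
    return {part.split("=", 1)[0].strip().lower()
            for part in cache_control.split(",") if part.strip()}


class SharedCache:
    def __init__(self, origin):
        self.origin = origin   # callable: url -> response body
        self.stored = {}       # url -> response body
        self.forwarded = 0     # number of requests sent to the origin

    def handle(self, url, request_cache_control=""):
        no_store = "no-store" in directives(request_cache_control)
        if url in self.stored:
            # Premise from the thread: a stored response may satisfy a no-store
            # request. The entry is left in place, because one client's request
            # must not evict what other requests rely on.
            return "HIT", self.stored[url]
        self.forwarded += 1
        body = self.origin(url)
        if not no_store:
            # "MUST NOT store any response to it" applies only to the response
            # obtained for this no-store request.
            self.stored[url] = body
        return "MISS", body


def run_demo():
    cache = SharedCache(origin=lambda url: "body of " + url)
    trace = [
        cache.handle("/a")[0],                            # fills the cache
        cache.handle("/a", "no-store")[0],                # served from cache
        cache.handle("/a")[0],                            # entry was not purged
        cache.handle("/b", "no-transform, No-Store")[0],  # forwarded, not kept
        cache.handle("/b")[0],                            # so this misses too
    ]
    return trace, sorted(cache.stored), cache.forwarded


if __name__ == "__main__":
    print(run_demo())
```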
