List:       squid-dev
Subject:    Re: Does no-store in request imply no-cache?
From:       Mark Nottingham <mnot () yahoo-inc ! com>
Date:       2010-09-23 0:18:34
Message-ID: 44EFE7C0-E7FB-4C67-875E-A9F6842D9A93 () yahoo-inc ! com
On 23/09/2010, at 9:47 AM, Alex Rousskov wrote:
> 
> Hi Mark,
> 
> Let's assume the above is correct and Squid satisfied the no-store request from the cache. Should Squid purge the cached response afterwards?
> If Squid does not purge, the next regular request will get the same cached response as the no-store request got, kind of violating the "MUST NOT store any response to it" no-store requirement.

Sort of, but not really. I agree this could be worded better; we'll work on it.

> If Squid purges, it is kind of silly because earlier requests could have gotten the same "sensitive" information before the no-store request came and declared the already cached information "sensitive".

Agreed. 

This has been discussed in the WG before (can't remember the ref); basically, it boiled down to each request being independent; you don't want requests affecting other ones (beyond anything, it's a security issue if you allow clients to purge your cache indiscriminately).

--
Mark Nottingham       mnot@yahoo-inc.com
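
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Squid code: a toy cache in which a request carrying no-store may be answered from cache, never causes its own response to be stored, and never evicts an entry stored for an earlier request. ToyCache, handle and demo are hypothetical names, and treating no-cache as a plain refetch is a simplifying assumption.

```python
# Toy model of a shared cache (not Squid code); all names are hypothetical.

def parse_cache_control(value):
    """Return the set of lowercase directive names in a Cache-Control value."""
    directives = set()
    for part in (value or "").split(","):
        name = part.strip().split("=", 1)[0].strip().lower()
        if name:
            directives.add(name)
    return directives


class ToyCache:
    def __init__(self, origin):
        self.origin = origin      # callable: url -> response body
        self.store = {}           # url -> cached body

    def handle(self, url, cache_control=None):
        """Return (body, source) where source is 'cache' or 'origin'."""
        directives = parse_cache_control(cache_control)
        # Request no-cache is modelled as a refetch (simplifying assumption).
        if "no-cache" not in directives and url in self.store:
            # no-store alone does not forbid a hit (the thread's assumption),
            # and the hit leaves the entry in place: no client-driven purge.
            return self.store[url], "cache"
        body = self.origin(url)
        if "no-store" not in directives:
            self.store[url] = body
        # With no-store the response to *this* request is not stored; an
        # entry stored for an earlier, independent request is untouched.
        return body, "origin"


def demo():
    versions = iter(["v1", "v2", "v3"])   # constructed origin responses
    cache = ToyCache(lambda url: next(versions))
    results = [
        cache.handle("/a"),                        # miss, stored
        cache.handle("/a", "no-store"),            # hit, entry not purged
        cache.handle("/a"),                        # still a hit
        cache.handle("/a", "no-cache, no-store"),  # refetch, not stored
        cache.handle("/a"),                        # earlier entry survives
        cache.handle("/b", "no-store"),            # miss, not stored
    ]
    return results, sorted(cache.store)


if __name__ == "__main__":
    print(demo())
```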

