On 23/09/2010, at 9:47 AM, Alex Rousskov wrote:
> 
> Hi Mark,
> 
>     Let's assume the above is correct and Squid satisfied the no-store 
> request from the cache. Should Squid purge the cached response afterwards?
> 
> If Squid does not purge, the next regular request will get the same 
> cached response as the no-store request got, kind of violating the "MUST NOT 
> store any response to it" no-store requirement.

Sort of, but not really. I agree this could be worded better; we'll work on it.

> If Squid purges, it is kind of silly because earlier requests could have 
> gotten the same "sensitive" information before the no-store request came and 
> declared the already cached information "sensitive".

Agreed. 

This has been discussed in the WG before (can't remember the ref); basically, 
it boiled down to each request being independent; you don't want requests 
affecting other ones (beyond anything, it's a security issue if you allow 
clients to purge your cache indiscriminately). 

--
Mark Nottingham       m...@yahoo-inc.com
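
The request independence discussed in this thread, as an added sketch that is not part of the original message and is not Squid's code. `ToyCache` and `constructed_origin` are hypothetical names; the model assumes, as the thread does, that a no-store request may be answered from an existing entry, and it ignores freshness and validation.

```python
from dataclasses import dataclass, field
from typing import Callable


def directives(headers):
    """Return the lowercase Cache-Control directive names from a header dict."""
    value = headers.get("Cache-Control", "")
    return {p.split("=", 1)[0].strip().lower() for p in value.split(",") if p.strip()}


def constructed_origin(url):
    """Constructed sample origin: every URL is cacheable for 60 seconds."""
    return f"body of {url}", {"Cache-Control": "max-age=60"}


@dataclass
class ToyCache:
    origin: Callable
    store: dict = field(default_factory=dict)
    origin_hits: int = 0

    def handle(self, url, request_headers=None):
        req = directives(request_headers or {})
        if url in self.store:
            # Assumption from the thread: a hit may satisfy a no-store request.
            # The entry is left in place, so a client cannot evict it.
            return self.store[url], "HIT"
        self.origin_hits += 1
        body, response_headers = self.origin(url)
        # no-store on the request only means "do not store the response to
        # this request"; it says nothing about entries other requests created.
        if "no-store" not in req and "no-store" not in directives(response_headers):
            self.store[url] = body
        return body, "MISS"


def demo():
    """Run four requests for one URL and return (statuses, origin fetch count)."""
    cache = ToyCache(origin=constructed_origin)
    no_store = {"Cache-Control": "no-store"}
    statuses = [
        cache.handle("/report", no_store)[1],  # miss, response not stored
        cache.handle("/report")[1],            # miss, response stored
        cache.handle("/report", no_store)[1],  # hit, entry not purged
        cache.handle("/report")[1],            # still a hit
    ]
    return statuses, cache.origin_hits
```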

