p6-cache-orig.txt   draft-fielding-http-p6-cache-00.txt 
Network Working Group R. Fielding Network Working Group R. Fielding, Ed.
Internet-Draft UC Irvine Internet-Draft Day Software
Obsoletes: 2068, 2616, 2617 J. Gettys Obsoletes: 2068, 2616, 2617 J. Gettys
(if approved) Compaq/W3C (if approved) J. Mogul
Intended status: Standards Track J. Mogul Intended status: Standards Track HP
Expires: March 4, 2008 Compaq Expires: May 14, 2008 H. Frystyk
H. Frystyk Microsoft
W3C/MIT
L. Masinter L. Masinter
Xerox Adobe Systems
P. Leach P. Leach
Microsoft Microsoft
T. Berners-Lee T. Berners-Lee
W3C/MIT W3C/MIT
September 2007 November 11, 2007
HTTP/1.1, part 6: Caching HTTP/1.1, part 6: Caching
draft-fielding-http-p6-cache-00 draft-fielding-http-p6-cache-00
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
skipping to change at page 1, line 45 skipping to change at page 1, line 44
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 4, 2008. This Internet-Draft will expire on May 14, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
The Hypertext Transfer Protocol (HTTP) is an application-level The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global systems. HTTP has been in use by the World Wide Web global
information initiative since 1990. This document is Part 6 of the information initiative since 1990. This document is Part 6 of the
eight-part specification that defines the protocol referred to as eight-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, updates RFC 2616 and RFC 2617. Part "HTTP/1.1" and, taken together, updates RFC 2616 and RFC 2617. Part
4 defines requirements on HTTP caches and the associated header 6 defines requirements on HTTP caches and the associated header
fields that control cache behavior or indicate cacheable response fields that control cache behavior or indicate cacheable response
messages. messages.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
1.2. Delta Seconds . . . . . . . . . . . . . . . . . . . . . . 5 1.2. Delta Seconds . . . . . . . . . . . . . . . . . . . . . . 5
2. Caching in HTTP . . . . . . . . . . . . . . . . . . . . . . . 5 2. Caching in HTTP . . . . . . . . . . . . . . . . . . . . . . . 5
2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1. Overview . . . . . . . . . . . . . . . . . . . . . . . . . 5
skipping to change at page 3, line 19 skipping to change at page 3, line 19
3.2.1. What is Cacheable . . . . . . . . . . . . . . . . . . 28 3.2.1. What is Cacheable . . . . . . . . . . . . . . . . . . 28
3.2.2. What May be Stored by Caches . . . . . . . . . . . . . 29 3.2.2. What May be Stored by Caches . . . . . . . . . . . . . 29
3.2.3. Modifications of the Basic Expiration Mechanism . . . 30 3.2.3. Modifications of the Basic Expiration Mechanism . . . 30
3.2.4. Cache Revalidation and Reload Controls . . . . . . . . 32 3.2.4. Cache Revalidation and Reload Controls . . . . . . . . 32
3.2.5. No-Transform Directive . . . . . . . . . . . . . . . . 34 3.2.5. No-Transform Directive . . . . . . . . . . . . . . . . 34
3.2.6. Cache Control Extensions . . . . . . . . . . . . . . . 35 3.2.6. Cache Control Extensions . . . . . . . . . . . . . . . 35
3.3. Expires . . . . . . . . . . . . . . . . . . . . . . . . . 36 3.3. Expires . . . . . . . . . . . . . . . . . . . . . . . . . 36
3.4. Pragma . . . . . . . . . . . . . . . . . . . . . . . . . . 37 3.4. Pragma . . . . . . . . . . . . . . . . . . . . . . . . . . 37
3.5. Vary . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 3.5. Vary . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
3.6. Warning . . . . . . . . . . . . . . . . . . . . . . . . . 38 3.6. Warning . . . . . . . . . . . . . . . . . . . . . . . . . 38
4. Security Considerations . . . . . . . . . . . . . . . . . . . 41 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 41
5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 41 5. Security Considerations . . . . . . . . . . . . . . . . . . . 41
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 41 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 41
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Appendix A. Changes from RFC 2068 . . . . . . . . . . . . . . . . 42 Appendix A. Changes from RFC 2068 . . . . . . . . . . . . . . . . 42
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 44 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 44
Intellectual Property and Copyright Statements . . . . . . . . . . 47 Intellectual Property and Copyright Statements . . . . . . . . . . 47
1. Introduction 1. Introduction
This document will define aspects of HTTP related to caching response This document will define aspects of HTTP related to caching response
messages. Right now it only includes the extracted relevant sections messages. Right now it only includes the extracted relevant sections
of RFC 2616 [RFC2616] without edit. of RFC 2616 [RFC2616] without edit.
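Review bot: the Introduction still says the text is taken from RFC 2616 "without edit", but the right-hand side of this diff rewords normative sentences, namely the hop-by-hop sentence before 2.5.2 and the invalidation rule before 2.11. Either reword this sentence to say that editorial changes have begun, or list the changed requirements so that implementers comparing against RFC 2616 know where to look.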
skipping to change at page 19, line 21 skipping to change at page 19, line 21
o Connection o Connection
o Keep-Alive o Keep-Alive
o Proxy-Authenticate o Proxy-Authenticate
o Proxy-Authorization o Proxy-Authorization
o TE o TE
o Trailers o Trailer
o Transfer-Encoding o Transfer-Encoding
o Upgrade o Upgrade
All other headers defined by HTTP/1.1 are end-to-end headers. All other headers defined by HTTP/1.1 are end-to-end headers.
Other hop-by-hop headers MUST be listed in a Connection header, Other hop-by-hop headers MUST be listed in a Connection header ([Part
([Part 1]) to be introduced into HTTP/1.1 (or later). 1]).
2.5.2. Non-modifiable Headers 2.5.2. Non-modifiable Headers
Some features of the HTTP/1.1 protocol, such as Digest Some features of the HTTP/1.1 protocol, such as Digest
Authentication, depend on the value of certain end-to-end headers. A Authentication, depend on the value of certain end-to-end headers. A
transparent proxy SHOULD NOT modify an end-to-end header unless the transparent proxy SHOULD NOT modify an end-to-end header unless the
definition of that header requires or specifically allows that. definition of that header requires or specifically allows that.
A transparent proxy MUST NOT modify any of the following fields in a A transparent proxy MUST NOT modify any of the following fields in a
request or response, and it MUST NOT add any of these fields if not request or response, and it MUST NOT add any of these fields if not
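Review bot: the rewritten sentence before 2.5.2 drops "to be introduced into HTTP/1.1 (or later)", so the MUST no longer reads as a condition on introducing new hop-by-hop headers and now stands as a bare rule about all "other" hop-by-hop headers. If the meaning is intended to be unchanged, keep the condition in some form, for example "Other hop-by-hop headers, if introduced, MUST be listed in a Connection header ([Part 1])", because a proxy uses this list and this sentence to decide which headers are not forwarded. The change from "Trailers" to "Trailer" in the list matches the actual header field name.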
skipping to change at page 24, line 36 skipping to change at page 24, line 36
is either the entity referred to by the Request-URI, or by the is either the entity referred to by the Request-URI, or by the
Location or Content-Location headers (if present). These methods Location or Content-Location headers (if present). These methods
are: are:
o PUT o PUT
o DELETE o DELETE
o POST o POST
In order to prevent denial of service attacks, an invalidation based An invalidation based on the URI in a Location or Content-Location
on the URI in a Location or Content-Location header MUST only be header MUST NOT be performed if the host part of that URI differs
performed if the host part is the same as in the Request-URI. from the host part in the Request-URI. This helps prevent denial of
service attacks.
A cache that passes through requests for methods it does not A cache that passes through requests for methods it does not
understand SHOULD invalidate any entities referred to by the Request- understand SHOULD invalidate any entities referred to by the Request-
URI. URI.
2.11. Write-Through Mandatory 2.11. Write-Through Mandatory
All methods that might be expected to cause modifications to the All methods that might be expected to cause modifications to the
origin server's resources MUST be written through to the origin origin server's resources MUST be written through to the origin
server. This currently includes all methods except for GET and HEAD. server. This currently includes all methods except for GET and HEAD.
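Review bot: the reworded invalidation rule before 2.11 compares "the host part" of the Location or Content-Location URI with the host part in the Request-URI, but it does not say how that comparison is made or what happens when the header carries a relative URI with no host part. Since this check is the only thing the paragraph offers against cross-host invalidation, state the comparison explicitly (case handling, whether the port counts) and say how a relative reference is treated. Also note that "This helps prevent denial of service attacks" is a weaker claim than the left side's "In order to prevent"; confirm that the softening is deliberate.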
skipping to change at page 41, line 23 skipping to change at page 41, line 23
each warning-value a warn-date that matches the date in the response. each warning-value a warn-date that matches the date in the response.
If an implementation receives a message with a warning-value that If an implementation receives a message with a warning-value that
includes a warn-date, and that warn-date is different from the Date includes a warn-date, and that warn-date is different from the Date
value in the response, then that warning-value MUST be deleted from value in the response, then that warning-value MUST be deleted from
the message before storing, forwarding, or using it. (This prevents the message before storing, forwarding, or using it. (This prevents
bad consequences of naive caching of Warning header fields.) If all bad consequences of naive caching of Warning header fields.) If all
of the warning-values are deleted for this reason, the Warning header of the warning-values are deleted for this reason, the Warning header
MUST be deleted as well. MUST be deleted as well.
4. Security Considerations 4. IANA Considerations
TBD.
5. Security Considerations
Caching proxies provide additional potential vulnerabilities, since Caching proxies provide additional potential vulnerabilities, since
the contents of the cache represent an attractive target for the contents of the cache represent an attractive target for
malicious exploitation. Because cache contents persist after an HTTP malicious exploitation. Because cache contents persist after an HTTP
request is complete, an attack on the cache can reveal information request is complete, an attack on the cache can reveal information
long after a user believes that the information has been removed from long after a user believes that the information has been removed from
the network. Therefore, cache contents should be protected as the network. Therefore, cache contents should be protected as
sensitive information. sensitive information.
5. Acknowledgments 6. Acknowledgments
Much of the content and presentation of the caching design is due to Much of the content and presentation of the caching design is due to
suggestions and comments from individuals including: Shel Kaphan, suggestions and comments from individuals including: Shel Kaphan,
Paul Leach, Koen Holtman, David Morris, and Larry Masinter. Paul Leach, Koen Holtman, David Morris, and Larry Masinter.
Based on an XML translation of RFC 2616 by Julian Reschke. Based on an XML translation of RFC 2616 by Julian Reschke.
6. References 7. References
[RFC1305] Mills, D., "Network Time Protocol (Version 3) [RFC1305] Mills, D., "Network Time Protocol (Version 3)
Specification, Implementation", RFC 1305, March 1992. Specification, Implementation", RFC 1305, March 1992.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions)
Part Three: Message Header Extensions for Non-ASCII Text", Part Three: Message Header Extensions for Non-ASCII Text",
RFC 2047, November 1996. RFC 2047, November 1996.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
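Review bot: the new Section 4, IANA Considerations, consists only of "TBD."; before this is published, either state that the document requests no IANA action or list what is to be registered. The Security Considerations text, now Section 5, is carried over unchanged and speaks only to disclosure of cache contents, while the invalidation rule changed earlier in this diff explicitly names denial of service. A sentence in Section 5 pointing to that rule would keep the security-relevant requirements findable in one place.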
skipping to change at page 42, line 32 skipping to change at page 42, line 36
Index Index
A A
age 4 age 4
Age header 26 Age header 26
C C
cache 4 cache 4
Cache Directives Cache Directives
max-age 31 max-age 31
max-age 32 max-age 33
max-stale 31 max-stale 31
min-fresh 31 min-fresh 31
must-revalidate 33 must-revalidate 33
no-cache 28 no-cache 28
no-store 29 no-store 29
no-transform 34 no-transform 34
only-if-cached 33 only-if-cached 33
private 28 private 28
proxy-revalidate 34 proxy-revalidate 34
public 28 public 28
skipping to change at page 43, line 23 skipping to change at page 43, line 27
Cache-Control 27 Cache-Control 27
cache-directive 27 cache-directive 27
cache-extension 27 cache-extension 27
cache-request-directive 27 cache-request-directive 27
cache-response-directive 27 cache-response-directive 27
delta-seconds 5 delta-seconds 5
Expires 36 Expires 36
extension-pragma 37 extension-pragma 37
Pragma 37 Pragma 37
pragma-directive 37 pragma-directive 37
Vary 37 Vary 38
warn-agent 39 warn-agent 39
warn-code 39 warn-code 39
warn-date 39 warn-date 39
warn-text 39 warn-text 39
Warning 39 Warning 39
warning-value 39 warning-value 39
H H
Headers Headers
Age 26 Age 26
Cache-Control 26 Cache-Control 26
Expires 36 Expires 36
Pragma 37 Pragma 37
Vary 37 Vary 37
Warning 38 Warning 38
heuristic expiration time 4 heuristic expiration time 4
M M
max-age max-age
Cache Directive 31 Cache Directive 31
Cache Directive 32 Cache Directive 33
max-stale max-stale
Cache Directive 31 Cache Directive 31
min-fresh min-fresh
Cache Directive 31 Cache Directive 31
must-revalidate must-revalidate
Cache Directive 33 Cache Directive 33
N N
no-cache no-cache
Cache Directive 28 Cache Directive 28
no-store no-store
Cache Directive 29 Cache Directive 29
no-transform no-transform
Cache Directive 34 Cache Directive 34
O O
only-if-cached only-if-cached
skipping to change at page 44, line 40 skipping to change at page 45, line 7
V V
validator 5 validator 5
Vary header 37 Vary header 37
W W
Warning header 38 Warning header 38
Authors' Addresses Authors' Addresses
Roy T. Fielding Roy T. Fielding (editor)
Department of Information and Computer Science Day Software
University of California, Irvine 23 Corporate Plaza DR, Suite 280
Irvine, CA 92697-3425 Newport Beach, CA 92660
USA
Phone: +1-949-706-5300
Fax: +1-949-706-5305
Email: fielding@gbiv.com
URI: http://roy.gbiv.com/
Fax: +1(949)824-1715
Email: fielding@ics.uci.edu
James Gettys James Gettys
World Wide Web Consortium Hewlett-Packard Company
MIT Laboratory for Computer Science, NE43-356 HP Labs, Cambridge Research Laboratory
545 Technology Square One Cambridge Center
Cambridge, MA 02139 Cambridge, MA 02138
USA
Fax: +1(617)258-8682 Email: Jim.Gettys@hp.com
Email: jg@w3.org
Jeffrey C. Mogul Jeffrey C. Mogul
Compaq Computer Corporation Hewlett-Packard Company
Western Research Laboratory HP Labs, Large Scale Systems Group
250 University Avenue 1501 Page Mill Road, MS 1177
Palo Alto, CA 94305 Palo Alto, CA 94304
USA
Email: mogul@wrl.dec.com Email: JeffMogul@acm.org
Henrik Frystyk Nielsen Henrik Frystyk Nielsen
World Wide Web Consortium Microsoft Corporation
MIT Laboratory for Computer Science, NE43-356 1 Microsoft Way
545 Technology Square Redmond, WA 98052
Cambridge, MA 02139 USA
Fax: +1(617)258-8682
Email: frystyk@w3.org
Email: henrikn@microsoft.com
Larry Masinter Larry Masinter
Xerox Corporation Adobe Systems, Incorporated
MIT Laboratory for Computer Science, NE43-356 345 Park Ave
3333 Coyote Hill Road San Jose, CA 95110
Palo Alto, CA 94034 USA
Email: masinter@parc.xerox.com Email: LMM@acm.org
URI: http://larry.masinter.net/
Paul J. Leach Paul J. Leach
Microsoft Corporation Microsoft Corporation
1 Microsoft Way 1 Microsoft Way
Redmond, WA 98052 Redmond, WA 98052
Email: paulle@microsoft.com Email: paulle@microsoft.com
Tim Berners-Lee Tim Berners-Lee
World Wide Web Consortium World Wide Web Consortium
MIT Laboratory for Computer Science, NE43-356 MIT Laboratory for Computer Science
545 Technology Square 545 Technology Square
Cambridge, MA 02139 Cambridge, MA 02139
USA
Fax: +1(617)258-8682 Fax: +1 (617) 258 8682
Email: timbl@w3.org Email: timbl@w3.org
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
 End of changes. 31 change blocks. 
57 lines changed or deleted 69 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/