draft-ietf-httpbis-p6-cache-02.txt   draft-ietf-httpbis-p6-cache-03.txt 
Network Working Group R. Fielding, Ed. Network Working Group R. Fielding, Ed.
Internet-Draft Day Software Internet-Draft Day Software
Obsoletes: 2616 (if approved) J. Gettys Obsoletes: 2616 (if approved) J. Gettys
Intended status: Standards Track One Laptop per Child Intended status: Standards Track One Laptop per Child
Expires: August 27, 2008 J. Mogul Expires: December 19, 2008 J. Mogul
HP HP
H. Frystyk H. Frystyk
Microsoft Microsoft
L. Masinter L. Masinter
Adobe Systems Adobe Systems
P. Leach P. Leach
Microsoft Microsoft
T. Berners-Lee T. Berners-Lee
W3C/MIT W3C/MIT
Y. Lafon, Ed. Y. Lafon, Ed.
W3C W3C
J. Reschke, Ed. J. Reschke, Ed.
greenbytes greenbytes
February 24, 2008 June 17, 2008
HTTP/1.1, part 6: Caching HTTP/1.1, part 6: Caching
draft-ietf-httpbis-p6-cache-02 draft-ietf-httpbis-p6-cache-03
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 49 skipping to change at page 1, line 49
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 27, 2008. This Internet-Draft will expire on December 19, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2008).
Abstract Abstract
The Hypertext Transfer Protocol (HTTP) is an application-level The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information protocol for distributed, collaborative, hypermedia information
systems. HTTP has been in use by the World Wide Web global systems. HTTP has been in use by the World Wide Web global
information initiative since 1990. This document is Part 6 of the information initiative since 1990. This document is Part 6 of the
seven-part specification that defines the protocol referred to as seven-part specification that defines the protocol referred to as
"HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 6 defines "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 6 defines
requirements on HTTP caches and the associated header fields that requirements on HTTP caches and the associated header fields that
control cache behavior or indicate cacheable response messages. control cache behavior or indicate cacheable response messages.
Editorial Note (To be removed by RFC Editor) Editorial Note (To be removed by RFC Editor)
Discussion of this draft should take place on the HTTPBIS working Discussion of this draft should take place on the HTTPBIS working
group mailing list (ietf-http-wg@w3.org). The current issues list is group mailing list (ietf-http-wg@w3.org). The current issues list is
at <http://www.tools.ietf.org/wg/httpbis/trac/report/11> and related at <http://www.tools.ietf.org/wg/httpbis/trac/report/11> and related
documents (including fancy diffs) can be found at documents (including fancy diffs) can be found at
<http://www.tools.ietf.org/wg/httpbis/>. <http://www.tools.ietf.org/wg/httpbis/>.
This draft incorporates those issue resolutions that were either The changes in this draft are summarized in Appendix B.4.
collected in the original RFC2616 errata list
(<http://purl.org/NET/http-errata>), or which were agreed upon on the
mailing list between October 2006 and November 2007 (as published in
"draft-lafon-rfc2616bis-03").
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.1. Purpose . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 6 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 6
1.3. Requirements . . . . . . . . . . . . . . . . . . . . . . . 7 1.3. Requirements . . . . . . . . . . . . . . . . . . . . . . . 7
2. Notational Conventions and Generic Grammar . . . . . . . . . . 8 2. Notational Conventions and Generic Grammar . . . . . . . . . . 8
3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.1. Cache Correctness . . . . . . . . . . . . . . . . . . . . 8 3.1. Cache Correctness . . . . . . . . . . . . . . . . . . . . 8
skipping to change at page 4, line 5 skipping to change at page 4, line 5
16.2.2. What May be Stored by Caches . . . . . . . . . . . . 30 16.2.2. What May be Stored by Caches . . . . . . . . . . . . 30
16.2.3. Modifications of the Basic Expiration Mechanism . . . 31 16.2.3. Modifications of the Basic Expiration Mechanism . . . 31
16.2.4. Cache Revalidation and Reload Controls . . . . . . . 33 16.2.4. Cache Revalidation and Reload Controls . . . . . . . 33
16.2.5. No-Transform Directive . . . . . . . . . . . . . . . 35 16.2.5. No-Transform Directive . . . . . . . . . . . . . . . 35
16.2.6. Cache Control Extensions . . . . . . . . . . . . . . 36 16.2.6. Cache Control Extensions . . . . . . . . . . . . . . 36
16.3. Expires . . . . . . . . . . . . . . . . . . . . . . . . . 37 16.3. Expires . . . . . . . . . . . . . . . . . . . . . . . . . 37
16.4. Pragma . . . . . . . . . . . . . . . . . . . . . . . . . . 38 16.4. Pragma . . . . . . . . . . . . . . . . . . . . . . . . . . 38
16.5. Vary . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 16.5. Vary . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
16.6. Warning . . . . . . . . . . . . . . . . . . . . . . . . . 39 16.6. Warning . . . . . . . . . . . . . . . . . . . . . . . . . 39
17. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42 17. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 42
17.1. Message Header Registration . . . . . . . . . . . . . . . 42
18. Security Considerations . . . . . . . . . . . . . . . . . . . 42 18. Security Considerations . . . . . . . . . . . . . . . . . . . 42
19. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 42 19. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 43
20. References . . . . . . . . . . . . . . . . . . . . . . . . . . 42 20. References . . . . . . . . . . . . . . . . . . . . . . . . . . 43
20.1. Normative References . . . . . . . . . . . . . . . . . . . 42 20.1. Normative References . . . . . . . . . . . . . . . . . . . 43
20.2. Informative References . . . . . . . . . . . . . . . . . . 44 20.2. Informative References . . . . . . . . . . . . . . . . . . 44
Appendix A. Compatibility with Previous Versions . . . . . . . . 44 Appendix A. Compatibility with Previous Versions . . . . . . . . 44
A.1. Changes from RFC 2068 . . . . . . . . . . . . . . . . . . 44 A.1. Changes from RFC 2068 . . . . . . . . . . . . . . . . . . 44
A.2. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 44 A.2. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 45
Appendix B. Change Log (to be removed by RFC Editor before Appendix B. Change Log (to be removed by RFC Editor before
publication) . . . . . . . . . . . . . . . . . . . . 44 publication) . . . . . . . . . . . . . . . . . . . . 45
B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 45 B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 45
B.2. Since draft-ietf-httpbis-p6-cache-00 . . . . . . . . . . . 45 B.2. Since draft-ietf-httpbis-p6-cache-00 . . . . . . . . . . . 45
B.3. Since draft-ietf-httpbis-p6-cache-01 . . . . . . . . . . . 45 B.3. Since draft-ietf-httpbis-p6-cache-01 . . . . . . . . . . . 46
B.4. Since draft-ietf-httpbis-p6-cache-02 . . . . . . . . . . . 46
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 48 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 49
Intellectual Property and Copyright Statements . . . . . . . . . . 51 Intellectual Property and Copyright Statements . . . . . . . . . . 52
1. Introduction 1. Introduction
HTTP is typically used for distributed information systems, where HTTP is typically used for distributed information systems, where
performance can be improved by the use of response caches, and performance can be improved by the use of response caches, and
includes a number of elements intended to make caching work as well includes a number of elements intended to make caching work as well
as possible. Because these elements interact with each other, it is as possible. Because these elements interact with each other, it is
useful to describe the caching design of HTTP separately. This useful to describe the caching design of HTTP separately. This
document defines aspects of HTTP/1.1 related to caching and reusing document defines aspects of HTTP/1.1 related to caching and reusing
response messages. response messages.
skipping to change at page 42, line 25 skipping to change at page 42, line 25
If an implementation receives a message with a warning-value that If an implementation receives a message with a warning-value that
includes a warn-date, and that warn-date is different from the Date includes a warn-date, and that warn-date is different from the Date
value in the response, then that warning-value MUST be deleted from value in the response, then that warning-value MUST be deleted from
the message before storing, forwarding, or using it. (This prevents the message before storing, forwarding, or using it. (This prevents
bad consequences of naive caching of Warning header fields.) If all bad consequences of naive caching of Warning header fields.) If all
of the warning-values are deleted for this reason, the Warning header of the warning-values are deleted for this reason, the Warning header
MUST be deleted as well. MUST be deleted as well.
17. IANA Considerations 17. IANA Considerations
[[anchor1: TBD.]] 17.1. Message Header Registration
The Message Header Registry located at <http://www.iana.org/
assignments/message-headers/message-header-index.html> should be
updated with the permanent registrations below (see [RFC3864]):
+-------------------+----------+----------+--------------+
| Header Field Name | Protocol | Status | Reference |
+-------------------+----------+----------+--------------+
| Age | http | standard | Section 16.1 |
| Cache-Control | http | standard | Section 16.2 |
| Expires | http | standard | Section 16.3 |
| Pragma | http | standard | Section 16.4 |
| Vary | http | standard | Section 16.5 |
| Warning | http | standard | Section 16.6 |
+-------------------+----------+----------+--------------+
The change controller is: "IETF (iesg@ietf.org) - Internet
Engineering Task Force".
18. Security Considerations 18. Security Considerations
Caching proxies provide additional potential vulnerabilities, since Caching proxies provide additional potential vulnerabilities, since
the contents of the cache represent an attractive target for the contents of the cache represent an attractive target for
malicious exploitation. Because cache contents persist after an HTTP malicious exploitation. Because cache contents persist after an HTTP
request is complete, an attack on the cache can reveal information request is complete, an attack on the cache can reveal information
long after a user believes that the information has been removed from long after a user believes that the information has been removed from
the network. Therefore, cache contents should be protected as the network. Therefore, cache contents should be protected as
sensitive information. sensitive information.
skipping to change at page 43, line 11 skipping to change at page 43, line 27
[ISO-8859-1] [ISO-8859-1]
International Organization for Standardization, International Organization for Standardization,
"Information technology -- 8-bit single-byte coded graphic "Information technology -- 8-bit single-byte coded graphic
character sets -- Part 1: Latin alphabet No. 1", ISO/ character sets -- Part 1: Latin alphabet No. 1", ISO/
IEC 8859-1:1998, 1998. IEC 8859-1:1998, 1998.
[Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections,
and Message Parsing", draft-ietf-httpbis-p1-messaging-02 and Message Parsing", draft-ietf-httpbis-p1-messaging-03
(work in progress), February 2008. (work in progress), June 2008.
[Part2] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part2] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 2: Message and J. Reschke, Ed., "HTTP/1.1, part 2: Message
Semantics", draft-ietf-httpbis-p2-semantics-02 (work in Semantics", draft-ietf-httpbis-p2-semantics-03 (work in
progress), February 2008. progress), June 2008.
[Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part3] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload and J. Reschke, Ed., "HTTP/1.1, part 3: Message Payload
and Content Negotiation", draft-ietf-httpbis-p3-payload-02 and Content Negotiation", draft-ietf-httpbis-p3-payload-03
(work in progress), February 2008. (work in progress), June 2008.
[Part4] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part4] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 4: Conditional and J. Reschke, Ed., "HTTP/1.1, part 4: Conditional
Requests", draft-ietf-httpbis-p4-conditional-02 (work in Requests", draft-ietf-httpbis-p4-conditional-03 (work in
progress), February 2008. progress), June 2008.
[Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part5] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and and J. Reschke, Ed., "HTTP/1.1, part 5: Range Requests and
Partial Responses", draft-ietf-httpbis-p5-range-02 (work Partial Responses", draft-ietf-httpbis-p5-range-03 (work
in progress), February 2008. in progress), June 2008.
[Part7] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., [Part7] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
and J. Reschke, Ed., "HTTP/1.1, part 7: Authentication", and J. Reschke, Ed., "HTTP/1.1, part 7: Authentication",
draft-ietf-httpbis-p7-auth-02 (work in progress), draft-ietf-httpbis-p7-auth-03 (work in progress),
February 2008. June 2008.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions)
Part Three: Message Header Extensions for Non-ASCII Text", Part Three: Message Header Extensions for Non-ASCII Text",
RFC 2047, November 1996. RFC 2047, November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
20.2. Informative References 20.2. Informative References
[RFC1305] Mills, D., "Network Time Protocol (Version 3) [RFC1305] Mills, D., "Network Time Protocol (Version 3)
Specification, Implementation", RFC 1305, March 1992. Specification, Implementation", RFC 1305, March 1992.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864,
September 2004.
Appendix A. Compatibility with Previous Versions Appendix A. Compatibility with Previous Versions
A.1. Changes from RFC 2068 A.1. Changes from RFC 2068
A case was missed in the Cache-Control model of HTTP/1.1; s-maxage A case was missed in the Cache-Control model of HTTP/1.1; s-maxage
was introduced to add this missing case. (Sections 6, 16.2, 16.2.3) was introduced to add this missing case. (Sections 6, 16.2, 16.2.3)
Transfer-coding and message lengths all interact in ways that Transfer-coding and message lengths all interact in ways that
required fixing exactly when chunked encoding is used (to allow for required fixing exactly when chunked encoding is used (to allow for
transfer encoding that may not be self delimiting); it was important transfer encoding that may not be self delimiting); it was important
skipping to change at page 46, line 4 skipping to change at page 46, line 21
o Use names of RFC4234 core rules DQUOTE and HTAB (work in progress o Use names of RFC4234 core rules DQUOTE and HTAB (work in progress
on <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36>) on <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36>)
B.3. Since draft-ietf-httpbis-p6-cache-01 B.3. Since draft-ietf-httpbis-p6-cache-01
Closed issues: Closed issues:
o <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/82>: "rel_path o <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/82>: "rel_path
not used" not used"
Other changes: Other changes:
o Get rid of duplicate BNF rule names ("host" -> "uri-host") (work o Get rid of duplicate BNF rule names ("host" -> "uri-host") (work
in progress on in progress on
<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36>) <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36>)
o Add explicit references to BNF syntax and rules imported from o Add explicit references to BNF syntax and rules imported from
other parts of the specification. other parts of the specification.
B.4. Since draft-ietf-httpbis-p6-cache-02
Ongoing work on IANA Message Header Registration
(<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/40>):
o Reference RFC 3984, and update header registrations for headers
defined in this document.
Index Index
A A
age 7 age 7
Age header 27 Age header 27
C C
cache 5 cache 5
Cache Directives Cache Directives
max-age 32 max-age 32-33
max-age 33
max-stale 32 max-stale 32
min-fresh 32 min-fresh 32
must-revalidate 34 must-revalidate 34
no-cache 29 no-cache 29
no-store 30 no-store 30
no-transform 35 no-transform 35
only-if-cached 34 only-if-cached 34
private 29 private 29
proxy-revalidate 35 proxy-revalidate 35
public 29 public 29
skipping to change at page 47, line 34 skipping to change at page 48, line 11
Age 27 Age 27
Cache-Control 27 Cache-Control 27
Expires 37 Expires 37
Pragma 38 Pragma 38
Vary 38 Vary 38
Warning 39 Warning 39
heuristic expiration time 7 heuristic expiration time 7
M M
max-age max-age
Cache Directive 32 Cache Directive 32-33
Cache Directive 33
max-stale max-stale
Cache Directive 32 Cache Directive 32
min-fresh min-fresh
Cache Directive 32 Cache Directive 32
must-revalidate must-revalidate
Cache Directive 34 Cache Directive 34
N N
no-cache no-cache
Cache Directive 29 Cache Directive 29
skipping to change at page 51, line 44 skipping to change at line 2337
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
 End of changes. 24 change blocks. 
38 lines changed or deleted 61 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/