Link: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/12
Origin: http://lists.w3.org/Archives/Public/ietf-http-wg/2002AprJun/0058.html
Component: p6-cache
There is some ambiguity in Section 13.10 as to how the word 'only' binds here:
In order to prevent denial of service attacks, an invalidation based on the URI in a Location or Content-Location header MUST only be performed if the host part is the same as in the Request-URI.
The following clarification, along with separating the clause explaining the rationale for the rule, is suggested:
An invalidation based on the URI in a Location or Content-Location header MUST NOT be performed if the host part of that URI differs from the host part in the Request-URI. This helps prevent denial of service attacks.
Fixed in [77]
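
The clarified rule, written as a cache-side check. This is an added example, not text from the specification or code from the ticket. The function names and the dict-based cache are hypothetical, and reading "host part" as the hostname without the port is an assumption.

```python
from urllib.parse import urljoin, urlsplit


def targets_to_invalidate(request_uri, response_headers):
    """Return the Location / Content-Location URIs that may be invalidated.

    A URI qualifies only when its host part equals the host part of the
    Request-URI; any other URI MUST NOT trigger an invalidation.
    """
    # Header field names are case-insensitive, so normalise them first.
    headers = {k.lower(): v for k, v in response_headers.items()}
    request_host = urlsplit(request_uri).hostname
    allowed = []
    for name in ("location", "content-location"):
        value = headers.get(name)
        if not value:
            continue
        # Relative references (including "//host/path") are resolved against
        # the Request-URI before the host parts are compared.
        target = urljoin(request_uri, value.strip())
        # urlsplit lower-cases hostname, so the comparison ignores case.
        if request_host is not None and urlsplit(target).hostname == request_host:
            allowed.append(target)
    return allowed


def apply_invalidation(cache, request_uri, response_headers):
    """Remove permitted targets from `cache` (a dict keyed by absolute URI)."""
    removed = []
    for uri in targets_to_invalidate(request_uri, response_headers):
        if cache.pop(uri, None) is not None:
            removed.append(uri)
    return removed


if __name__ == "__main__":
    # Constructed sample data: one entry on the request host, one elsewhere.
    cache = {"http://example.com/a": "body-a",
             "http://other.example/index": "body-b"}
    headers = {"Location": "http://other.example/index",
               "Content-Location": "/a"}
    print(apply_invalidation(cache, "http://example.com/post", headers))
    print(sorted(cache))
```
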