must-revalidate overspecifies a MUST send 504 instead of 5xx

[royfielding]

This issue is from a related discussion on Apache httpd, which was trying to comply by sending a 504 even though the revalidation error was a 502. That's nuts.

The current text for must-revalidate says:

The must-revalidate directive is necessary to support reliable operation for certain protocol features. In all circumstances a cache MUST obey the must-revalidate directive; in particular, if a cache is disconnected, the cache MUST generate a 504 (Gateway Timeout) response rather than reuse the stale response.

However, if a proxy/gateway received a 5xx response while trying to revalidate, this requirement forces it to toss that information and supply a useless 504 instead. That isn't desirable. The entire purpose of this requirement is to make sure that the cache does not respond with its stale entry. Hence, any 5xx code is sufficient.

[minfrin]

To fill in more detail, the change in question is this one:

apache/httpd@a7fc0f0

And covers the wide question of "which 5xx response is returned in low level network failure cases, such as DNS error, connection refused, connection timed out, etc".

The commit message referred to RFC2616 14.9.4 Cache Revalidation and Reload Controls, but this seems to be a wider issue.

[mnot]

Yes, that MUST is too strong; I suspect it's there to make the mechanism reliable, not override other potential status codes.

Will work on a PR.