This is a sneaky issue which requires several parts to trigger:
1) HTTP server that doesn't include a HTTP "Date:" response header.
2) manual construction of HTTP Authorization request header.
3) use of HttpRequestCachePolicy.
If HTTP server is fixed to include a Date, OR request.Credentials is used for authentication, OR request.CachePolicy isn't specified, the bug doesn't trigger. I'm doing manual HTTP Basic Auth to avoid the initial unnecessary 401-Unauthorized server roundtrip.
The bug triggers on the second HttpWebRequest to the server, which gives a 304 Not Modified response - and causes HttpWebRequest to throw an exception istead of serving cached content.
More information at http://stackoverflow.com/questions/4328439/httpwebrequest-with-caching-enabled-throws-exceptions .