Robert, that's great!
From searching a bit in the aolserver code I would say those headers are generated in aolserver whenever ns_returnfile is called. Since the request processor calls that for static files we get this functionality for free, and it also means we don't need to check for the existance of those headers but just refrain from adding any cache control headers when ns_returnfile is being called.
I would therefor suggest to add some code to the request processor that adds the cache control headers in all other cases, overideable by an acs-kernel parameter and on a per-request basis by setting an ad_conn flag as mentioned above.
I don't think that there is much use for a 30min/1 hour/whatever cache directive - typical dynamic pages need to be regenerated on every request and should thus not be cached at all - at least those that display login information on each page, like openacs.org does.
It would be great if the Last-Modified/If-Modified-Since behaviour could be added to cr_write_content later. Being able to avoid the no-cache headers on a per-request basis makes sure that this is possible.