Re: Sections 3.3.1 and 5.1

> You suggestion about requiring canonical form has the right intent, but
> since many existing clients don't send in canonical form, and the
> purpose we were seeking (authentication) only requires that the URLs not
> be modified, it seemed like an unnecesary burden to require canonical
> form.

I'll reiterate again that this is not the purpose of that rule.
The purpose is to prevent accidental failure due to faulty origin
servers depending upon unreserved characters for reserved purposes.
Authentication does not depend on the Request-URI (not even in
the future).

 ...Roy T. Fielding
    Department of Information & Computer Science    (
    University of California, Irvine, CA 92717-3425    fax:+1(714)824-4056

Received on Saturday, 1 June 1996 03:25:01 UTC