- From: Sam Ruby <rubys@intertwingly.net>
- Date: Mon, 09 Aug 2004 14:45:50 -0400
- CC: uri@w3.org, Atom WG <atom-syntax@imc.org>
Roy T. Fielding wrote: > > On Monday, August 9, 2004, at 08:39 AM, Graham Klyne wrote: > >> At 08:54 09/08/04 -0400, Sam Ruby wrote: >> >>> http://:@example.com/ >> >> I'd say that's different from http://example.com/, in that it contains >> empty username/password values, which the latter does not. For >> example, following the exhortation not to expose passwords, my >> software would (by default) display this as: >> http://:********@example.com/ >> whereas the other would be displayed unchanged. >> >> (I'm not claiming this is a *useful* distinction, but lacking any text >> that says a null username/password is the same as having no >> username/password, I'd say that it does exist.) > > Yes, and it is a useful distinction because it defines how the user > agent should respond to an initial authentication request, whereas > without the colon the user agent is not supposed to try authenticating > on its own. A follow up question then, how about: http://@example.com/ > Right, the only thing it might make sense to add is a bullet explicitly > restating what is already said about an empty port in 6.2.3. However, > this is not a conformance issue since all normalization is optional. I would find it to be helpful if a simple statement that empty fragments, queries, passwords (or possibly userinfo) are to be preserved by canonicalization. - Sam Ruby
Received on Monday, 9 August 2004 18:45:54 UTC