3.1.4 Higher-Layer Triggered Events

A client that is capable of using the Public Key Authentication Protocol (PKAP) MUST always make requests to an HTTP server that conform to the "Initial Request" (section 3.1.5.1), regardless of proof of possession of keys that might be required by the server it is trying to access.