W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1998

non-ascii user name & password

From: Larry Masinter <masinter@parc.xerox.com>
Date: Mon, 21 Sep 1998 01:10:26 PDT
To: paulle@microsoft.com
Cc: http-wg@hplb.hpl.hp.com, Chris.Newman@innosoft.com
Message-Id: <98Sep21.011035pdt."1585229"@skaskatch.parc.xerox.com>
TEXT is inappropriate for user name and password, since:

# The TEXT rule is only used for descriptive field contents and values
# that are not intended to be interpreted by the message parser. 

Whether or not it's typed, it's still a string that has to be parsed
and interpreted by the server.

The problem is that UTF-8 doesn't quite have a well-defined
'canonical' form yet, either, although one is being developed, the
canonicalization algorithm won't be at "draft standard". So you might
have two browsers that would enter the same user name with different
UTF-8 encodings, too.

And we're not normally requiring clients to implement UTF-8
transformations of user type-in at all so this will be a big problem.

On the other hand, it seems inappropriate to restrict user *names* to
US-ASCII. I wonder if we could change the BNF and description text
from "user name" and "username" to "user id", even if we leave

    username         = "username" "=" user-id

Larry
Received on Monday, 21 September 1998 01:14:24 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:24 EDT