W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1998

Re: non-ascii user name & password

From: Roy T. Fielding <fielding@kiwi.ics.uci.edu>
Date: Thu, 24 Sep 1998 14:09:15 -0700
To: Chris Newman <Chris.Newman@innosoft.com>
Cc: Paul Leach <paulle@microsoft.com>, http-wg@hplb.hpl.hp.com
Message-Id: <9809241409.aa02627@paris.ics.uci.edu>
>My suggestion:
>
>  When a password is typed by a user, the characters are encoded in
>  US-ASCII.  Encoding of non-US-ASCII characters is not specified at this
>  time, but use of localized character sets such as ISO-8859-1 for this
>  purpose is forbidden.  Clients are encouraged to provide a facility for
>  entry of uninterpreted binary passwords.

That would invalidate almost all client implementations of HTTP.
There is no technical reason to define the encoding other than to
say it is a shared understanding between client and server that
is outside the capacity of the protocol to determine, and that
interoperability problems may occur if non-US-ASCII characters
are used.  Forbidding it just makes the specification worthless.

Changing this in existing HTTP systems is not an option.  The only way
to add a specific encoding to the username/password exchange is to
define a new authentication method that requires it from the start.

....Roy
Received on Thursday, 24 September 1998 14:22:03 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:24 EDT