W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1998

Re: non-ascii user name & password

From: Chris Newman <Chris.Newman@innosoft.com>
Date: Mon, 21 Sep 1998 16:13:44 +0100 (BST)
To: Larry Masinter <masinter@parc.xerox.com>
Cc: http-wg@hplb.hpl.hp.com
Message-Id: <Pine.SOL.3.95.980921080630.14061A-100000@elwood.innosoft.com>
On Mon, 21 Sep 1998, Larry Masinter wrote:
> The problem is that UTF-8 doesn't quite have a well-defined
> 'canonical' form yet, either, although one is being developed, the
> canonicalization algorithm won't be at "draft standard". So you might
> have two browsers that would enter the same user name with different
> UTF-8 encodings, too.

Good point.  In fact, the UTF-8 spec itself is still proposed, so the HTTP
spec can't reference it normatively.

> And we're not normally requiring clients to implement UTF-8
> transformations of user type-in at all so this will be a big problem.

Fair enough.

> On the other hand, it seems inappropriate to restrict user *names* to
> US-ASCII. I wonder if we could change the BNF and description text
> from "user name" and "username" to "user id", even if we leave
> 
>     username         = "username" "=" user-id

How about we restrict user-ids and typed-in passwords to US-ASCII for now,
declare encoding of non-ASCII characters in those fields undefined but
explicitly forbid use of localized charsets (e.g., ISO-8859-1)?  Then we
can amend it to use UTF-8 later with a spec that progresses separately
on the standards track.

		- Chris
Received on Monday, 21 September 1998 08:13:22 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:24 EDT