W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2003

RE: RFC 2617: Which character should be used?

From: Joris Dobbelsteen <joris.dobbelsteen@mail.com>
Date: Wed, 16 Apr 2003 20:04:01 +0200
To: "'Scott Lawrence'" <scott-http@skrb.org>, <ietf-http-wg@w3.org>
Cc: <yngve@opera.com>
Message-ID: <001d01c30442$8fdfd730$0d0ca8c0@joris2k.local>

>-----Original Message-----
>From: ietf-http-wg-request@w3.org
>[mailto:ietf-http-wg-request@w3.org]On
>Behalf Of Scott Lawrence
>Sent: Wednesday, 16 April 2003 14:20
>To: ietf-http-wg@w3.org
>Cc: yngve@opera.com
>Subject: Re: RFC 2617: Which character should be used?
>
>
>
>Yngve Nysaeter Pettersen <yngve@opera.com> writes:
>
>> My suggestion is that UTF-8 is selected as the character set
>used to encode
>> the username and password values when creating the "user-pass" string
>> (sec. 2) and the "username-value" and "passwd" strings in
>sec. 3.2.2. It
>> might also be an idea to specify the same for other text
>attributes as well.
>
>I just took a look at the spec to try to come up with specific
>language for this.
>
>Section 3.2.2.2 A1 add:
>
>   The passwd value used should be encoded using UTF-8.
>
>I don't think it's an issue for the user-pass string or
>username-value, since these are just literals that are passed in the
>clear to the server anyway.  Can't the server just use them as is?
>

I believe this might be a problem as it might differ from existing
implementations.
Making passwords UTF-8 before MD5 yields a complete different result from using
ASCII and then MD5 for Digest. This is also true for Basic (using Base64).
I would expect implementations to currently use the ASCII character-set.

This does indeed not solve the issues regarding languages using another
character set. I don't have any details how current implementations do this.

HTTP (including HTTP/1.1) is much older than BCP 18 (RFC 2277), so I don't
believe its recommendation is used.


>--
>Scott Lawrence
>

- Joris
Received on Wednesday, 16 April 2003 14:03:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:23 GMT