W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2003

RE: RFC 2617: Which character should be used?

From: Joris Dobbelsteen <joris.dobbelsteen@mail.com>
Date: Wed, 16 Apr 2003 20:04:01 +0200
To: "'Scott Lawrence'" <scott-http@skrb.org>, <ietf-http-wg@w3.org>
Cc: <yngve@opera.com>
Message-ID: <001d01c30442$8fdfd730$0d0ca8c0@joris2k.local>

>-----Original Message-----
>From: ietf-http-wg-request@w3.org
>Behalf Of Scott Lawrence
>Sent: Wednesday, 16 April 2003 14:20
>To: ietf-http-wg@w3.org
>Cc: yngve@opera.com
>Subject: Re: RFC 2617: Which character should be used?
>Yngve Nysaeter Pettersen <yngve@opera.com> writes:
>> My suggestion is that UTF-8 is selected as the character set
>used to encode
>> the username and password values when creating the "user-pass" string
>> (sec. 2) and the "username-value" and "passwd" strings in
>sec. 3.2.2. It
>> might also be an idea to specify the same for other text
>attributes as well.
>I just took a look at the spec to try to come up with specific
>language for this.
>Section A1 add:
>   The passwd value used should be encoded using UTF-8.
>I don't think it's an issue for the user-pass string or
>username-value, since these are just literals that are passed in the
>clear to the server anyway.  Can't the server just use them as is?

I believe this might be a problem as it might differ from existing
Making passwords UTF-8 before MD5 yields a complete different result from using
ASCII and then MD5 for Digest. This is also true for Basic (using Base64).
I would expect implementations to currently use the ASCII character-set.

This does indeed not solve the issues regarding languages using another
character set. I don't have any details how current implementations do this.

HTTP (including HTTP/1.1) is much older than BCP 18 (RFC 2277), so I don't
believe its recommendation is used.

>Scott Lawrence

- Joris
Received on Wednesday, 16 April 2003 14:03:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:36 UTC