W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2003

Re: RFC 2617 Authentication and character sets revisited

From: Scott Lawrence <scott-http@skrb.org>
Date: Wed, 26 Nov 2003 13:57:15 -0500
To: yngve@opera.com
Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
Message-ID: <m3d6bf7yb8.fsf@kathmandu.pingtel.com>

Yngve Nysaeter Pettersen <yngve@opera.com> writes:

> The server and client must *also* agree about the binary representation
> (character set and encoding) of the username, as the username is used as an
> index into the password database.

The difference is that the username is also passed in clear, so the
encoding used on the wire for that attribute can be used (as is the
case for all the other inputs to the hash).  Perhaps we need a
sentence to make that explicit?

-- 
Scott Lawrence        
  http://skrb.org/scott/
Received on Wednesday, 26 November 2003 13:57:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:25 GMT