W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2006

Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

From: Lisa Dusseault <lisa@osafoundation.org>
Date: Mon, 25 Sep 2006 11:31:13 -0700
Message-Id: <96801214-42F3-4DA0-B8B9-02DCC88E62F1@osafoundation.org>
Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Alexey Melnikov <alexey.melnikov@isode.com>, HTTP authentication list <ietf-http-auth@osafoundation.org>, HTTP Working Group <ietf-http-wg@w3.org>
To: Martin Duerst <duerst@it.aoyama.ac.jp>

I agree it would be good to update RFC2617.  Is anybody going to take  
a stab at it?

Lisa

On Sep 22, 2006, at 7:55 PM, Martin Duerst wrote:

> Many thanks to Bjoern for the detailed checking and report.
>
> My summary of the situation would be as follows:
> There is currently widely varying practice. Current implementations
> are anyways broken and non-interoperable. The main reason for this
> is most probably that there is no clear specification. This means
> that an update of RFC 2617 is desirable. The new specification
> should probably go for UTF-8, while noting that there is still
> some varying practice.
>
> Regards,   Martin.
>
>
> At 01:41 06/09/23, Bjoern Hoehrmann wrote:
>> * Alexey Melnikov wrote:
>>> Does anybody know if updating RFC 2617 to say that username/ 
>>> passwords
>>> are UTF-8 would break any major implementation? For example, does
>>> anybody know if a major HTTP client/server implementation assume  
>>> ISO 8859-1?
>>
>> It appears that for Basic authentication the german version of  
>> Internet
>> Explorer 6 running on the german version of Windows 2003 as well  
>> as the
>> latest english Internet Explorer 7 release candidate running on the
>> german version of Windows XP will use something like ISO-8859-1  
>> for both
>> manual as well as XMLHttpRequest requests. Trying to use U+20AC as  
>> user
>> name and password they got encoded as 0x80 (Windows-1252) for  
>> manual re-
>> quests, and to '?' for XHR. Characters not included in  
>> Windows-1252 come
>> out as '?' regardless of the method used. For XHR my test cases  
>> include
>> documents encoded as ISO-8859-1 and UTF-8; there did not appear to be
>> any difference.
>>
>> The latest en-us version of Firefox uses UTF-8 for XHR and the lower
>> byte of the character when encoded using UTF-16BE (so for U+20AC you
>> get 0xAC) when using manual input. For manually entered http:// 
>> u:p@...
>> URLs Firefox uses Windows-1252 if possible, UTF-8 otherwise. When XHR
>> is used with such a URL, it uses UTF-8. The latest en-us version of
>> Opera9 always uses UTF-8, as far as I can tell based on my limited
>> testing. Results might well be different on with different default  
>> code
>> pages, language settings, and so on. Note that the illegal http:// 
>> u:p@..
>> addressing scheme allows to use arbitrary octet sequences using %hh
>> escape sequences, with some browser-specific limitations.
>> -- 
>> Bj�n H�rmann キ mailto:bjoern@hoehrmann.de キ http:// 
>> bjoern.hoehrmann.de
>> Weinh. Str. 22 キ Telefon: +49(0)621/4309674 キ http:// 
>> www.bjoernsworld.de
>> 68309 Mannheim キ PGP Pub. KeyID: 0xA4357E78 キ http:// 
>> www.websitedev.de/
>> _______________________________________________
>> Ietf-http-auth mailing list
>> Ietf-http-auth@osafoundation.org
>> http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http- 
>> auth
>
>
> #-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
> #-#-#  http://www.sw.it.aoyama.ac.jp        
> mailto:duerst@it.aoyama.ac.jp
>
> _______________________________________________
> Ietf-http-auth mailing list
> Ietf-http-auth@osafoundation.org
> http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth
Received on Monday, 25 September 2006 18:31:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:46 GMT