W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2006

Re[2]: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

From: Chris Drake <christopher@pobox.com>
Date: Tue, 26 Sep 2006 07:47:12 +1000
Message-ID: <14010515167.20060926074712@pobox.com>
To: Lisa Dusseault <lisa@osafoundation.org>
CC: Martin Duerst <duerst@it.aoyama.ac.jp>, HTTP authentication list <ietf-http-auth@osafoundation.org>, HTTP Working Group <ietf-http-wg@w3.org>


Do not the HTTP headers from the browser already say what character
encoding has been used, and do not the HTTP headers and HTML from the
server beforehand dictate this stuff too?  Except for the case where
someone is trying to type foreign characters on a PC which can't
understand them (eg: holidaymakers at net cafes where the net cafe has
not installed the language they want to use) - everything should
already be working just fine, yes?

Kind Regards,
Chris Drake

Tuesday, September 26, 2006, 4:31:13 AM, you wrote:

LD> I agree it would be good to update RFC2617.  Is anybody going to take
LD> a stab at it?

LD> Lisa

LD> On Sep 22, 2006, at 7:55 PM, Martin Duerst wrote:

>> Many thanks to Bjoern for the detailed checking and report.
>> My summary of the situation would be as follows:
>> There is currently widely varying practice. Current implementations
>> are anyways broken and non-interoperable. The main reason for this
>> is most probably that there is no clear specification. This means
>> that an update of RFC 2617 is desirable. The new specification
>> should probably go for UTF-8, while noting that there is still
>> some varying practice.
>> Regards,   Martin.
>> At 01:41 06/09/23, Bjoern Hoehrmann wrote:
>>> * Alexey Melnikov wrote:
>>>> Does anybody know if updating RFC 2617 to say that username/ 
>>>> passwords
>>>> are UTF-8 would break any major implementation? For example, does
>>>> anybody know if a major HTTP client/server implementation assume
>>>> ISO 8859-1?
>>> It appears that for Basic authentication the german version of  
>>> Internet
>>> Explorer 6 running on the german version of Windows 2003 as well  
>>> as the
>>> latest english Internet Explorer 7 release candidate running on the
>>> german version of Windows XP will use something like ISO-8859-1  
>>> for both
>>> manual as well as XMLHttpRequest requests. Trying to use U+20AC as
>>> user
>>> name and password they got encoded as 0x80 (Windows-1252) for  
>>> manual re-
>>> quests, and to '?' for XHR. Characters not included in  
>>> Windows-1252 come
>>> out as '?' regardless of the method used. For XHR my test cases  
>>> include
>>> documents encoded as ISO-8859-1 and UTF-8; there did not appear to be
>>> any difference.
>>> The latest en-us version of Firefox uses UTF-8 for XHR and the lower
>>> byte of the character when encoded using UTF-16BE (so for U+20AC you
>>> get 0xAC) when using manual input. For manually entered http:// 
>>> u:p@...
>>> URLs Firefox uses Windows-1252 if possible, UTF-8 otherwise. When XHR
>>> is used with such a URL, it uses UTF-8. The latest en-us version of
>>> Opera9 always uses UTF-8, as far as I can tell based on my limited
>>> testing. Results might well be different on with different default
>>> code
>>> pages, language settings, and so on. Note that the illegal http://
>>> u:p@..
>>> addressing scheme allows to use arbitrary octet sequences using %hh
>>> escape sequences, with some browser-specific limitations.
>>> -- 
>>> Bj?n H?rmann ? mailto:bjoern@hoehrmann.de ? http:// 
>>> bjoern.hoehrmann.de
>>> Weinh. Str. 22 ? Telefon: +49(0)621/4309674 ? http:// 
>>> www.bjoernsworld.de
>>> 68309 Mannheim ? PGP Pub. KeyID: 0xA4357E78 ? http:// 
>>> www.websitedev.de/
>>> _______________________________________________
>>> Ietf-http-auth mailing list
>>> Ietf-http-auth@osafoundation.org
>>> http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-
>>> auth
>> #-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
>> #-#-#  http://www.sw.it.aoyama.ac.jp        
>> mailto:duerst@it.aoyama.ac.jp
>> _______________________________________________
>> Ietf-http-auth mailing list
>> Ietf-http-auth@osafoundation.org
>> http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth

LD> _______________________________________________
LD> Ietf-http-auth mailing list
LD> Ietf-http-auth@osafoundation.org
LD> http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth
Received on Monday, 25 September 2006 21:47:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:40 UTC