W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2006

Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Tue, 26 Sep 2006 09:42:08 +0200
Message-Id: <334B865E-9A8E-4A18-8A03-F09418C61587@greenbytes.de>
Cc: Martin Duerst <duerst@it.aoyama.ac.jp>, ietf-http-auth@osafoundation.org, ietf-http-wg@w3.org
To: Stefan Eissing <stefan.eissing@greenbytes.de>


Am 26.09.2006 um 09:39 schrieb Stefan Eissing:

>
> Am 26.09.2006 um 03:56 schrieb Martin Duerst:
>
>>
>> I agree with Julian and Bjoern here: IN THEORY, RFC 2047
>> (http://www.ietf.org/rfc/rfc2047.txt) (except for iso-8859-1)
>> would apply, but:
>> - it's not a very good theory: outdated because based on a view
>>   that the Web is basically iso-8859-1, and difficult to implement
>> - practice is different
>> - IETF policy is different
>
> For interoperability, the encoding of usernames and passwords seems  
> to be most interesting. If the encoding of the realm is  
> misunderstood by the client (in a deterministic way) then interop  
> could still be achieved, right?

To answer myself: not in digest authentication, stupid.

//Stefan

> //Stefan
>
>> Regards,    Martin.
>>
>> At 09:48 06/09/26, Bjoern Hoehrmann wrote:
>>> * Julian Reschke wrote:
>>>> Jim Luther schrieb:
>>>>> While we're on this subject... In rfc2617 secction 3.2.1, it says:
>>>>>
>>>>>> realm
>>>>>>      A string to be displayed to users so they know which  
>>>>>> username and
>>>>>>      password to use.
>>>>>
>>>>> It would be also nice to define the encoding of the realm  
>>>>> string so that
>>>>> clients that display the realm to users can display it  
>>>>> correctly. We've
>>>>> seen realms from servers encoded UTF-8, ISO-8859-1, and with  
>>>>> various
>>>>> Windows encodings. There's no good way to guess which encoding  
>>>>> to use
>>>>> and so whatever is used is currently wrong on some servers.
>>>
>>>> I was thinking "should be UTF-8, of course". But doesn't really  
>>>> RFC2045
>>>> apply here at least in theory?
>>>
>>> The realm-value is a quoted-string, and quoted-string is defined as
>>>
>>>       quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
>>>       qdtext         = <any TEXT except <">>
>>>
>>> and TEXT is
>>>
>>>   The TEXT rule is only used for descriptive field contents and  
>>> values
>>>   that are not intended to be interpreted by the message parser.  
>>> Words
>>>   of *TEXT MAY contain characters from character sets other than  
>>> ISO-
>>>   8859-1 [22] only when encoded according to the rules of RFC 2047
>>>   [14].
>>>
>>>       TEXT           = <any OCTET except CTLs,
>>>                        but including LWS>
>>>
>>> So you could use realm="=?utf-8?b?..." or its variants. As you  
>>> say, in
>>> theory; I am unaware of any implementation that supports encoded  
>>> words
>>> in HTTP headers..
>>> -- 
>>> Bj�n H�rmann キ mailto:bjoern@hoehrmann.de キ http:// 
>>> bjoern.hoehrmann.de
>>> Weinh. Str. 22 キ Telefon: +49(0)621/4309674 キ http:// 
>>> www.bjoernsworld.de
>>> 68309 Mannheim キ PGP Pub. KeyID: 0xA4357E78 キ http:// 
>>> www.websitedev.de/
>>> _______________________________________________
>>> Ietf-http-auth mailing list
>>> Ietf-http-auth@osafoundation.org
>>> http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http- 
>>> auth
>>
>>
>> #-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
>> #-#-#  http://www.sw.it.aoyama.ac.jp        
>> mailto:duerst@it.aoyama.ac.jp
>>
>>
>
> _______________________________________________
> Ietf-http-auth mailing list
> Ietf-http-auth@osafoundation.org
> http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http-auth
Received on Tuesday, 26 September 2006 07:42:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:46 GMT