W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2006

Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

From: Robert Sayre <sayrer@gmail.com>
Date: Sat, 14 Oct 2006 21:53:18 -0400
Message-ID: <68fba5c50610141853o1361f283ldc0a129c4ef10bcf@mail.gmail.com>
To: "Lisa Dusseault" <lisa@osafoundation.org>
Cc: "Martin Duerst" <duerst@it.aoyama.ac.jp>, "HTTP authentication list" <ietf-http-auth@osafoundation.org>, "HTTP Working Group" <ietf-http-wg@w3.org>

On 9/25/06, Lisa Dusseault <lisa@osafoundation.org> wrote:
> I agree it would be good to update RFC2617.  Is anybody going to take
> a stab at it?
>

As a data point, Mozilla always uses a lossy UTF16-to-ASCII conversion
for Basic [1] and always uses UTF-8 for Digest [2]. Both
implementations date from 2001. We have no bugs filed on Digest
authentication charsets, and one bug on Basic that's been filed
several times.[3]

I don't think a 2617 update is a good use of time, but I will update
our networking code in the event an update is completed. MD5-sess is
essentially unused. An update should drop it.

1.) http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpBasicAuth.cpp#108
2.) http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpDigestAuth.cpp#330
3.) https://bugzilla.mozilla.org/show_bug.cgi?id=41489

-- 

Robert Sayre
Received on Sunday, 15 October 2006 01:53:30 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:53 GMT