W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: security impact of dropping charset default [Re: text/* types and charset defaults [i20]]

From: Yutaka Oiwa <y.oiwa@aist.go.jp>
Date: Wed, 23 Jan 2008 12:05:02 +0900
Message-ID: <4796AEDE.20108@aist.go.jp>
To: "Roy T. Fielding" <fielding@gbiv.com>
CC: Mark Nottingham <mnot@mnot.net>, Julian Reschke <julian.reschke@gmx.de>, "'HTTP Working Group'" <ietf-http-wg@w3.org>

Roy T. Fielding wrote:

> I think it would be easier to simply say that (i.e., "The charset
> guessing algorithm MUST exclude 7-bit character encodings other
> than US-ASCII.  In particular, UTF-7 MUST NOT be guessed.")

 From Asian point of view, it is almost unacceptable to exclude all
ISO-2022-* charsets which use ESC as an escape character.
It is not historic, is better than 8-bit charsets in some context
(because these explicitly declare charset using ISO-2022 defined sequences),
and is ASCII upper-compatible by the above definition.

-- 
Yutaka OIWA, Ph.D.                                       Research Scientist
                             Research Center for Information Security (RCIS)
     National Institute of Advanced Industrial Science and Technology (AIST)
                       Mail addresses: <y.oiwa@aist.go.jp>, <yutaka@oiwa.jp>
OpenPGP: id[995DD3E1] fp[3C21 17D0 D953 77D3 02D7 4FEC 4754 40C1 995D D3E1]
Received on Wednesday, 23 January 2008 03:05:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:36 GMT