W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: IRIs, IDNAbis, and HTTP [i74]

From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Fri, 14 Mar 2008 14:12:48 +0100
Message-Id: <40180A8A-1661-4387-A1A6-AC9EBC907E84@greenbytes.de>
To: HTTP Group Working <ietf-http-wg@w3.org>


Am 14.03.2008 um 13:38 schrieb Frank Ellermann:
>
> Stefan Eissing wrote:
>
>> Basic just fails to specify how a username is converted to octets,
>> right?
>
> Ditto passwords and Digest.  RFC 2617 inherits the 2616 *TEXT, and
> that is to be interpreted as Latin-1 octets when it's not RFC 2047
> encoded.  And you don't 2047-encode user names and passwords used
> as input for Basic / Digest / ...  My crystal ball says.

Yes and yes.

> [...]Won't work directly for Basic - unless we jump from
> 2616 HTTP/1.1 Latin-1 to a 2616ter HTTP/1.2 UTF-8.  That is no
> goal for 2616bis in this round.


My point is: fix Basic and Digest. HTTP/1.1 needs no additional  
charset for its auth headers. Even if someone comes up with a miracle  
to make HTTP/1.1 send utf-8 headers, it would not make authentication  
work for deployed software. Simply because the code en/decoding auth  
header values is most likely totally separate from any generic header  
parsing stuff.

Deprecate use of 2047-encode in 1.1 headers and close the issue, please.

--
<green/>bytes GmbH, Hafenweg 16, D-48155 Münster, Germany
Amtsgericht Münster: HRB5782
Received on Friday, 14 March 2008 13:13:35 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:37 GMT