W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2010

Re: [http-state] Missing specification in RFC 2617, cannot use a user name nor a password in encoding different from ISO-8859-1

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 04 May 2010 08:57:45 +0200
Message-ID: <4BDFC569.7070900@gmx.de>
To: Adam Barth <ietf@adambarth.com>
CC: Honza Bambas <hbambas@mozilla.com>, http-state@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
On 03.05.2010 23:12, Adam Barth wrote:
> Hi Honza,
>
> Thanks for your message, but I think you might have meant to send it to
> another mailing list.  Perhaps ietf-http-wg@w3.org
> <mailto:ietf-http-wg@w3.org>?  This working group is about cookies, not
> about HTTP authentication.
>
> Kind regards,
> Adam
> ...

The HTTPbis WG isn't revising the scheme definitions of RFC 2617 (at 
this point); but of course it's fine to discuss auth related issues on 
that mailing list.

This topic comes up every now and then (lately in Mozilla and Chromium 
bugs). As far as I understand, Basic authentication *could* be improved 
by adding a new auth-param, selecting a preferred encoding.

In theory, this could be deployed in a backwards-compatible way; old 
clients will (well, should) just ignore it, new clients can switch to a 
different encoding. What's needed is a spec, plus volunteers to 
implement this in at least one server framework and a few UAs.

Best regards, Julian
Received on Tuesday, 4 May 2010 06:58:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:18 GMT