W3C home > Mailing lists > Public > www-international@w3.org > July to September 1996

Re: Non 8859/1 in Basic Auth

From: Larry Masinter <masinter@parc.xerox.com>
Date: Sat, 21 Sep 1996 02:02:57 PDT
To: greenwd@openmarket.com
CC: www-international@w3.org
Message-Id: <96Sep21.020257pdt."2759"@golden.parc.xerox.com>
I think what happened was that originally TEXT didn't allow encoding,
until it was pointed out that some TEXT fields returned messages that
might need to be non-ISO-8859-1. However, the use of TEXT in basic &
digest authentication for user name & password means that if you have
a non-ISO-8859-1 character string, you might wind up base64 encoding
it twice:

a) real userid base64 encoded using RFC1522
  e.g.,  =?ISO-8859-2?B?dSB1bmRlcnN0YW5kIHRoZSBleGFtcGxlLg==?=
b) userid:password base64 encoded in basic-cookie.

This is pretty unsatisfactory; also RFC1522 encoding has optional
variants, but probably there is no authentication client that would
accept any of them, much less multiple.

Since everyone is really to trash basic authentication anyway ("Use
Digest Or Better"), perhaps it's not worth fixing it, but maybe it is
worth fixing for digest or its followons.

Regards,

Larry
Received on Saturday, 21 September 1996 05:03:18 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 19:16:45 GMT