Rev81: CHANGE: Sect. 11.1 Basic Authentication

David Morris,, asked Jim Gettys:
  > The question for the experts is:  Is there some 
  > protocol reason that userid shouldn't be redefined as
  >  *(TEXTnotCOLON)?
  > If need be, I or my crew could survey a few more browsers to build the
  > case for current practice. I'll be happy to post a proposed edit to the
  > list if there isn't an obvious reason to not make the change.

I can't think of a *protocol* reason.  Furthermore, I suspect any
robust server is indifferent to what characters precede ':' (including
CTLs!).  That's certainly true of my server and, I think, NCSA and

So the question is, what do clients do?  I would welcome David's survey
of current practice before endorsing the change, but I think it's a
reasonable one.

Meanwhile, I offer the following change proposal:

	userid = [ token ]
	userid = *TEXTnocolon
	TEXTnocolon = <any OCTET except CTLs and ":",
			but including LWS>

Dave Kristol

Received on Friday, 31 May 1996 10:08:16 UTC