- From: Paul Leach <paulle@microsoft.com>
- Date: Tue, 15 Sep 1998 16:11:22 -0700
- To: "'http-wg@hplb.hpl.hp.com'" <http-wg@hplb.hpl.hp.com>
- Cc: "Larry Masinter (E-mail)" <masinter@parc.xerox.com>, "Chris Newman (E-mail)" <Chris.Newman@innosoft.com>
The Digest spec says that user names and passwords are TEXT. TEXT says that it is any octet, except CTLs, except LWS is allowed. It also says the only characters in it have to be ISO 8859-1 and/or encoded according to RFC 2047.

An issue which was raised to me is that user name and password have to be typed by users. To quote the person (Chris Newman) who pointed this out to me:

> Here's a nasty one -- TEXT is defined as using either ISO 8859-1 or RFC 2047 encoding for internationalization in [HTTP/1.1 spec]. RFC 2047 encoding will never work in this context since it has no reasonable canonical form. Therefore, in order to comply with RFC 2277 you either need to make this use UTF-8, or make it use US-ASCII only, claiming the "identifier" exception (and we can make it UTF-8 later if we wish).

I.e., the mapping from what you type to the octets of the password has to be the same everywhere, otherwise the password won't compute the correct MD5 hash values.

I don't pretend to understand the I18N issues. Are there problems if we say that the password is UTF-8 encoded (and change the BNF)? How about user name?

Paul
Received on Tuesday, 15 September 1998 16:15:41 UTC
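
The encoding problem raised in this message, as an added example that is not part of the original post or of any Digest specification text: the same typed password yields different H(A1) octets, and so a failed login, when client and server disagree on the character-to-octet mapping. The user name, realm, nonce, URI and the three candidate mappings are constructed for illustration; the request-digest uses the RFC 2069 form without qop.

```python
import hashlib
import unicodedata

def md5_hex(octets: bytes) -> str:
    return hashlib.md5(octets).hexdigest()

def ha1(username: str, realm: str, password: str, encoding: str, form: str = "NFC") -> str:
    """H(A1) = MD5(username ":" realm ":" password), computed over octets."""
    a1 = unicodedata.normalize(form, f"{username}:{realm}:{password}")
    return md5_hex(a1.encode(encoding))

def response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2069 style request-digest: MD5(H(A1) ":" nonce ":" H(A2))."""
    ha2 = md5_hex(f"{method}:{uri}".encode("ascii"))
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}".encode("ascii"))

# Three plausible ways a client could turn typed characters into octets
# (assumed for this example; the message itself only names ISO 8859-1 and UTF-8).
CLIENT_MAPPINGS = {
    "iso-8859-1": ("iso-8859-1", "NFC"),
    "utf-8/NFC": ("utf-8", "NFC"),
    "utf-8/NFD": ("utf-8", "NFD"),
}

def login_results(username, realm, password, server_mapping="utf-8/NFC"):
    """For each client mapping, report whether its response matches the server's."""
    nonce, method, uri = "constructed-nonce-0001", "GET", "/private/"  # constructed values
    enc, form = CLIENT_MAPPINGS[server_mapping]
    expected = response(ha1(username, realm, password, enc, form), nonce, method, uri)
    return {
        name: response(ha1(username, realm, password, e, f), nonce, method, uri) == expected
        for name, (e, f) in CLIENT_MAPPINGS.items()
    }

if __name__ == "__main__":
    # A US-ASCII password is the same octets under every mapping; "café" is not.
    for pw in ("secret", "caf\u00e9"):
        print(repr(pw), login_results("alice", "example", pw))
```
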