- From: Roy T. Fielding <fielding@kiwi.ics.uci.edu>
- Date: Thu, 24 Sep 1998 14:09:15 -0700
- To: Chris Newman <Chris.Newman@innosoft.com>
- Cc: Paul Leach <paulle@microsoft.com>, http-wg@hplb.hpl.hp.com
>My suggestion:
>
> When a password is typed by a user, the characters are encoded in
> US-ASCII. Encoding of non-US-ASCII characters is not specified at this
> time, but use of localized character sets such as ISO-8859-1 for this
> purpose is forbidden. Clients are encouraged to provide a facility for
> entry of uninterpreted binary passwords.

That would invalidate almost all client implementations of HTTP. There is no technical reason to define the encoding other than to say it is a shared understanding between client and server that is outside the capacity of the protocol to determine, and that interoperability problems may occur if non-US-ASCII characters are used. Forbidding it just makes the specification worthless.

Changing this in existing HTTP systems is not an option. The only way to add a specific encoding to the username/password exchange is to define a new authentication method that requires it from the start.

....Roy
Received on Thursday, 24 September 1998 14:22:03 UTC
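The interoperability problem discussed in this message, as an added example that is not part of the original post: the same typed password yields different Basic credentials and a different Digest A1 hash depending on the charset the client uses to turn characters into octets. The account, realm and passwords are constructed sample values, and the Basic and Digest constructions follow the HTTP authentication specifications rather than anything stated in the message.

```python
import base64
import hashlib
import hmac

# Charsets a client might plausibly apply to a typed password (assumption for this example).
CHARSETS = ("us-ascii", "iso-8859-1", "utf-8")

def basic_token(user, password, charset):
    """Basic credentials: base64 over the octets of 'user:password'."""
    return base64.b64encode(f"{user}:{password}".encode(charset)).decode("ascii")

def digest_ha1(user, realm, password, charset):
    """Digest A1 hash: MD5 over the octets of 'user:realm:password'."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode(charset)).hexdigest()

def credentials_by_charset(user, realm, password):
    """Map each charset to (Basic token, Digest HA1), or None if it cannot encode the input."""
    out = {}
    for cs in CHARSETS:
        try:
            out[cs] = (basic_token(user, password, cs),
                       digest_ha1(user, realm, password, cs))
        except UnicodeEncodeError:
            out[cs] = None  # e.g. US-ASCII has no octet for a non-ASCII character
    return out

def server_accepts(stored_ha1, user, realm, password, client_charset):
    """Compare the server's stored HA1 with the one a client derives.

    The Digest response is computed from HA1, so a mismatch here means the
    response sent on the wire would not verify either.
    """
    try:
        candidate = digest_ha1(user, realm, password, client_charset)
    except UnicodeEncodeError:
        return False
    return hmac.compare_digest(stored_ha1, candidate)

if __name__ == "__main__":
    # Constructed sample account; "pässword" contains one non-US-ASCII character.
    for pw in ("password", "pässword"):
        print(pw, credentials_by_charset("alice", "example", pw))
    stored = digest_ha1("alice", "example", "pässword", "utf-8")
    print("latin-1 client accepted:",
          server_accepts(stored, "alice", "example", "pässword", "iso-8859-1"))
```
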