Re: non-ascii user name & password

>My suggestion:
>  When a password is typed by a user, the characters are encoded in
>  US-ASCII.  Encoding of non-US-ASCII characters is not specified at this
>  time, but use of localized character sets such as ISO-8859-1 for this
>  purpose is forbidden.  Clients are encouraged to provide a facility for
>  entry of uninterpreted binary passwords.

That would invalidate almost all client implementations of HTTP.
There is no technical reason to define the encoding other than to
say it is a shared understanding between client and server that
is outside the capacity of the protocol to determine, and that
interoperability problems may occur if non-US-ASCII characters
are used.  Forbidding it just makes the specification worthless.

Changing this in existing HTTP systems is not an option.  The only way
to add a specific encoding to the username/password exchange is to
define a new authentication method that requires it from the start.


Received on Thursday, 24 September 1998 14:22:03 UTC