- From: Joris Dobbelsteen <joris.dobbelsteen@mail.com>
- Date: Wed, 16 Apr 2003 20:04:01 +0200
- To: "'Scott Lawrence'" <scott-http@skrb.org>, <ietf-http-wg@w3.org>
- Cc: <yngve@opera.com>
>-----Original Message----- >From: ietf-http-wg-request@w3.org >[mailto:ietf-http-wg-request@w3.org]On >Behalf Of Scott Lawrence >Sent: Wednesday, 16 April 2003 14:20 >To: ietf-http-wg@w3.org >Cc: yngve@opera.com >Subject: Re: RFC 2617: Which character should be used? > > > >Yngve Nysaeter Pettersen <yngve@opera.com> writes: > >> My suggestion is that UTF-8 is selected as the character set >used to encode >> the username and password values when creating the "user-pass" string >> (sec. 2) and the "username-value" and "passwd" strings in >sec. 3.2.2. It >> might also be an idea to specify the same for other text >attributes as well. > >I just took a look at the spec to try to come up with specific >language for this. > >Section 3.2.2.2 A1 add: > > The passwd value used should be encoded using UTF-8. > >I don't think it's an issue for the user-pass string or >username-value, since these are just literals that are passed in the >clear to the server anyway. Can't the server just use them as is? > I believe this might be a problem as it might differ from existing implementations. Making passwords UTF-8 before MD5 yields a complete different result from using ASCII and then MD5 for Digest. This is also true for Basic (using Base64). I would expect implementations to currently use the ASCII character-set. This does indeed not solve the issues regarding languages using another character set. I don't have any details how current implementations do this. HTTP (including HTTP/1.1) is much older than BCP 18 (RFC 2277), so I don't believe its recommendation is used. >-- >Scott Lawrence > - Joris
Received on Wednesday, 16 April 2003 14:03:11 UTC