Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

I agree it would be good to update RFC2617.  Is anybody going to take  
a stab at it?


On Sep 22, 2006, at 7:55 PM, Martin Duerst wrote:

> Many thanks to Bjoern for the detailed checking and report.
> My summary of the situation would be as follows:
> There is currently widely varying practice. Current implementations
> are anyways broken and non-interoperable. The main reason for this
> is most probably that there is no clear specification. This means
> that an update of RFC 2617 is desirable. The new specification
> should probably go for UTF-8, while noting that there is still
> some varying practice.
> Regards,   Martin.
> At 01:41 06/09/23, Bjoern Hoehrmann wrote:
>> * Alexey Melnikov wrote:
>>> Does anybody know if updating RFC 2617 to say that username/ 
>>> passwords
>>> are UTF-8 would break any major implementation? For example, does
>>> anybody know if a major HTTP client/server implementation assume  
>>> ISO 8859-1?
>> It appears that for Basic authentication the german version of  
>> Internet
>> Explorer 6 running on the german version of Windows 2003 as well  
>> as the
>> latest english Internet Explorer 7 release candidate running on the
>> german version of Windows XP will use something like ISO-8859-1  
>> for both
>> manual as well as XMLHttpRequest requests. Trying to use U+20AC as  
>> user
>> name and password they got encoded as 0x80 (Windows-1252) for  
>> manual re-
>> quests, and to '?' for XHR. Characters not included in  
>> Windows-1252 come
>> out as '?' regardless of the method used. For XHR my test cases  
>> include
>> documents encoded as ISO-8859-1 and UTF-8; there did not appear to be
>> any difference.
>> The latest en-us version of Firefox uses UTF-8 for XHR and the lower
>> byte of the character when encoded using UTF-16BE (so for U+20AC you
>> get 0xAC) when using manual input. For manually entered http:// 
>> u:p@...
>> URLs Firefox uses Windows-1252 if possible, UTF-8 otherwise. When XHR
>> is used with such a URL, it uses UTF-8. The latest en-us version of
>> Opera9 always uses UTF-8, as far as I can tell based on my limited
>> testing. Results might well be different on with different default  
>> code
>> pages, language settings, and so on. Note that the illegal http:// 
>> u:p@..
>> addressing scheme allows to use arbitrary octet sequences using %hh
>> escape sequences, with some browser-specific limitations.
>> -- 
>> Bj�n H�rmann キ キ http:// 
>> Weinh. Str. 22 キ Telefon: +49(0)621/4309674 キ http:// 
>> 68309 Mannheim キ PGP Pub. KeyID: 0xA4357E78 キ http:// 
>> _______________________________________________
>> Ietf-http-auth mailing list
>> auth
> #-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
> #-#-#        
> _______________________________________________
> Ietf-http-auth mailing list

Received on Monday, 25 September 2006 18:31:26 UTC