Re: [Ietf-http-auth] Updating RFC 2617 (HTTP Digest) to use UTF-8

• From: Stefan Eissing <stefan.eissing@greenbytes.de>
• Date: Tue, 26 Sep 2006 09:39:07 +0200
• To: Martin Duerst <duerst@it.aoyama.ac.jp>
• Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Julian Reschke <julian.reschke@gmx.de>, ietf-http-auth@osafoundation.org, ietf-http-wg@w3.org
• Message-Id: <C39E62E9-89B2-4F21-963E-D0D3CF1A22CD@greenbytes.de>

Am 26.09.2006 um 03:56 schrieb Martin Duerst:

>
> I agree with Julian and Bjoern here: IN THEORY, RFC 2047
> (http://www.ietf.org/rfc/rfc2047.txt) (except for iso-8859-1)
> would apply, but:
> - it's not a very good theory: outdated because based on a view
>   that the Web is basically iso-8859-1, and difficult to implement
> - practice is different
> - IETF policy is different

For interoperability, the encoding of usernames and passwords seems  
to be most interesting. If the encoding of the realm is misunderstood  
by the client (in a deterministic way) then interop could still be  
achieved, right?

//Stefan

> Regards,    Martin.
>
> At 09:48 06/09/26, Bjoern Hoehrmann wrote:
>> * Julian Reschke wrote:
>>> Jim Luther schrieb:
>>>> While we're on this subject... In rfc2617 secction 3.2.1, it says:
>>>>
>>>>> realm
>>>>>      A string to be displayed to users so they know which  
>>>>> username and
>>>>>      password to use.
>>>>
>>>> It would be also nice to define the encoding of the realm string  
>>>> so that
>>>> clients that display the realm to users can display it  
>>>> correctly. We've
>>>> seen realms from servers encoded UTF-8, ISO-8859-1, and with  
>>>> various
>>>> Windows encodings. There's no good way to guess which encoding  
>>>> to use
>>>> and so whatever is used is currently wrong on some servers.
>>
>>> I was thinking "should be UTF-8, of course". But doesn't really  
>>> RFC2045
>>> apply here at least in theory?
>>
>> The realm-value is a quoted-string, and quoted-string is defined as
>>
>>       quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
>>       qdtext         = <any TEXT except <">>
>>
>> and TEXT is
>>
>>   The TEXT rule is only used for descriptive field contents and  
>> values
>>   that are not intended to be interpreted by the message parser.  
>> Words
>>   of *TEXT MAY contain characters from character sets other than ISO-
>>   8859-1 [22] only when encoded according to the rules of RFC 2047
>>   [14].
>>
>>       TEXT           = <any OCTET except CTLs,
>>                        but including LWS>
>>
>> So you could use realm="=?utf-8?b?..." or its variants. As you  
>> say, in
>> theory; I am unaware of any implementation that supports encoded  
>> words
>> in HTTP headers..
>> -- 
>> Bj�n H�rmann キ mailto:bjoern@hoehrmann.de キ http:// 
>> bjoern.hoehrmann.de
>> Weinh. Str. 22 キ Telefon: +49(0)621/4309674 キ http:// 
>> www.bjoernsworld.de
>> 68309 Mannheim キ PGP Pub. KeyID: 0xA4357E78 キ http:// 
>> www.websitedev.de/
>> _______________________________________________
>> Ietf-http-auth mailing list
>> Ietf-http-auth@osafoundation.org
>> http://lists.osafoundation.org/cgi-bin/mailman/listinfo/ietf-http- 
>> auth
>
>
> #-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
> #-#-#  http://www.sw.it.aoyama.ac.jp        
> mailto:duerst@it.aoyama.ac.jp
>
>

Received on Tuesday, 26 September 2006 07:39:16 UTC