- From: Robert Sayre <sayrer@gmail.com>
- Date: Sat, 14 Oct 2006 21:53:18 -0400
- To: "Lisa Dusseault" <lisa@osafoundation.org>
- Cc: "Martin Duerst" <duerst@it.aoyama.ac.jp>, "HTTP authentication list" <ietf-http-auth@osafoundation.org>, "HTTP Working Group" <ietf-http-wg@w3.org>
On 9/25/06, Lisa Dusseault <lisa@osafoundation.org> wrote: > I agree it would be good to update RFC2617. Is anybody going to take > a stab at it? > As a data point, Mozilla always uses a lossy UTF16-to-ASCII conversion for Basic [1] and always uses UTF-8 for Digest [2]. Both implementations date from 2001. We have no bugs filed on Digest authentication charsets, and one bug on Basic that's been filed several times.[3] I don't think a 2617 update is a good use of time, but I will update our networking code in the event an update is completed. MD5-sess is essentially unused. An update should drop it. 1.) http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpBasicAuth.cpp#108 2.) http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpDigestAuth.cpp#330 3.) https://bugzilla.mozilla.org/show_bug.cgi?id=41489 -- Robert Sayre
Received on Sunday, 15 October 2006 01:53:30 UTC