- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 28 May 2008 10:51:14 +0200
- To: Martin Duerst <duerst@it.aoyama.ac.jp>
- CC: ietf-http-wg@w3.org
Martin Duerst wrote: > At 01:46 08/05/28, Julian Reschke wrote: >> Hi, >> >> we recently discussed this over at the W3C webapi discussion list, and it turns out that, at least for Firefox, the encoding that is being used depends on whether the browser itself does the authentication (ISO8859-1 plus bugs for non-ISO characters), or whether it's XMLHTTPRequest (UTF-8). >> >> To me that looks like a totally bizarre design. > > To me, it looks like no design at all. Whoever did the original stuff > didn't think about non-ASCII, or didn't have much of an idea. > In my opinion, UTF-8 is the right long-term solution, and the sooner > we get there, the better. > > Regards, Martin. I would like Basic Auth to use UTF-8. But: this has been discussed again and again of the last years, and I think we haven't come to a consensus that it *can* be changed. For instance, I know by first hand of people in Europe relying that (non-ASCII) ISO-8859-1 characters in credentials work in Basic Authentication, and the clients and servers these people depend on use ISO-8859-1 as encoding. Choosing different encodings in the same UA depending who generated the HTTP request is just bizarre, and will not help solving the problem. It seems an easy way to make progress would be to define "Basic2" (using UTF-8), and try to get it supported in the open source browser engines (FF/Webkit) and Apache httpd. BR, Julian PS: we would still need to discuss whether it should be otherwise compatible with Basic, or whether we would want to fix other things as well, such as the inability to have colon character in the user name.
Received on Wednesday, 28 May 2008 08:52:01 UTC