Re: Basic Authentication and encoding of non-ASCII characters in credentials from Frank Ellermann on 2008-05-28 (ietf-http-wg@w3.org from April to June 2008)

From: Frank Ellermann <nobody@xyzzy.claranet.de>
Date: Wed, 28 May 2008 15:26:51 +0200
To: ietf-http-wg@w3.org
Message-ID: <g1jmfv$ii1$1@ger.gmane.org>

Julian Reschke wrote:
 
> I would like Basic Auth to use UTF-8. But: this has been
> discussed again and again of the last years, and I think
> we haven't come to a consensus that it *can* be changed.

> For instance, I know by first hand of people in Europe
> relying that (non-ASCII) ISO-8859-1 characters in 
> credentials work in Basic Authentication, and the clients
> and servers these people depend on use ISO-8859-1 as
> encoding.

Sigh.  This Latin-1 cruft is excessively annoying.  I think
we need a transition strategy (read: modification of the WG
Charter) *how* to replace Latin-1 by UTF-8 in HTTP a.s.a.p.
Two possible strategies:

1 - Keep everything about Latin-1 as is in 2616bis+2617bis,
    and introduce HTTP/1.2 to indicate "same as HTTP/1.1,
    but UTF-8 instead of ISO-8859-1".

2 - Replace Latin-1 by ASCII in 2616bis+2617bis, and after
    years of flamewars upgrade ASCII to UTF-8 for HTTP/1.1.

What's IMO not possible is to do this piecemeal and without
clear strategy.  

> It seems an easy way to make progress would be to define
> "Basic2" (using UTF-8), and try to get it supported in the
> open source browser engines (FF/Webkit) and Apache httpd.

And in most popular browsers (including IE8 and FF3).  

 Frank

Received on Wednesday, 28 May 2008 13:26:16 UTC