- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Mon, 02 Jun 2008 12:43:07 +0200
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Martin Duerst <duerst@it.aoyama.ac.jp>, ietf-http-wg@w3.org
- Message-Id: <1212403387.4192.18.camel@henriknordstrom.net>
On ons, 2008-05-28 at 10:51 +0200, Julian Reschke wrote: > I would like Basic Auth to use UTF-8. But: this has been discussed again > and again of the last years, and I think we haven't come to a consensus > that it *can* be changed. On that issue it's a question of who to break.. But most implementations do use ISO-8859-1 for basic, and fail on characters outside that set. There is a easy path forward on that and it's to specify a Basic2 scheme addressing these concerns. Trying to solve the existing Basic scheme is a dead end as the syntax does not allow changes or extensions. The only available option is by adding a new header, and one may then just as well use a different scheme with better syntax. > For instance, I know by first hand of people in Europe relying that > (non-ASCII) ISO-8859-1 characters in credentials work in Basic > Authentication, and the clients and servers these people depend on use > ISO-8859-1 as encoding. Yes. > Choosing different encodings in the same UA depending who generated the > HTTP request is just bizarre, and will not help solving the problem. Fully agreed. > It seems an easy way to make progress would be to define "Basic2" (using > UTF-8), and try to get it supported in the open source browser engines > (FF/Webkit) and Apache httpd. ;-) > PS: we would still need to discuss whether it should be otherwise > compatible with Basic, or whether we would want to fix other things as > well, such as the inability to have colon character in the user name. It should be a new scheme with sane and possibly extensible syntax, not just patching up the existing one. Regards Henrik
Received on Monday, 2 June 2008 10:43:55 UTC