- From: Stefan Eissing <stefan.eissing@greenbytes.de>
- Date: Fri, 14 Mar 2008 14:12:48 +0100
- To: HTTP Group Working <ietf-http-wg@w3.org>
Am 14.03.2008 um 13:38 schrieb Frank Ellermann: > > Stefan Eissing wrote: > >> Basic just fails to specify how a username is converted to octets, >> right? > > Ditto passwords and Digest. RFC 2617 inherits the 2616 *TEXT, and > that is to be interpreted as Latin-1 octets when it's not RFC 2047 > encoded. And you don't 2047-encode user names and passwords used > as input for Basic / Digest / ... My crystal ball says. Yes and yes. > [...]Won't work directly for Basic - unless we jump from > 2616 HTTP/1.1 Latin-1 to a 2616ter HTTP/1.2 UTF-8. That is no > goal for 2616bis in this round. My point is: fix Basic and Digest. HTTP/1.1 needs no additional charset for its auth headers. Even if someone comes up with a miracle to make HTTP/1.1 send utf-8 headers, it would not make authentication work for deployed software. Simply because the code en/decoding auth header values is most likely totally separate from any generic header parsing stuff. Deprecate use of 2047-encode in 1.1 headers and close the issue, please. -- <green/>bytes GmbH, Hafenweg 16, D-48155 Münster, Germany Amtsgericht Münster: HRB5782
Received on Friday, 14 March 2008 13:13:35 UTC