List Info

Thread: Updating RFC 2617 (HTTP Digest) to use UTF-8
Updating RFC 2617 (HTTP Digest) to use UTF-8
user name
 2006-09-26 01:56:24 
I agree with Julian and Bjoern here: IN THEORY, RFC 2047
(http://www.ietf.o
rg/rfc/rfc2047.txt) (except for iso-8859-1)
would apply, but:
- it's not a very good theory: outdated because based on a
view
  that the Web is basically iso-8859-1, and difficult to
implement
- practice is different
- IETF policy is different

Regards,    Martin.

At 09:48 06/09/26, Bjoern Hoehrmann wrote:
>* Julian Reschke wrote:
>>Jim Luther schrieb:
>>> While we're on this subject... In rfc2617
secction 3.2.1, it says:
>>> 
>>>> realm
>>>>      A string to be displayed to users so
they know which username and
>>>>      password to use.
>>> 
>>> It would be also nice to define the encoding of
the realm string so that 
>>> clients that display the realm to users can
display it correctly. We've 
>>> seen realms from servers encoded UTF-8,
ISO-8859-1, and with various 
>>> Windows encodings. There's no good way to
guess which encoding to use 
>>> and so whatever is used is currently wrong on
some servers.
>
>>I was thinking "should be UTF-8, of
course". But doesn't really RFC2045 
>>apply here at least in theory?
>
>The realm-value is a quoted-string, and quoted-string is
defined as
>
>       quoted-string  = ( <"> *(qdtext |
quoted-pair ) <"> )
>       qdtext         = <any TEXT except
<">>
>
>and TEXT is
>
>   The TEXT rule is only used for descriptive field
contents and values
>   that are not intended to be interpreted by the
message parser. Words
>   of *TEXT MAY contain characters from character sets
other than ISO-
>   8859-1 [22] only when encoded according to the rules
of RFC 2047
>   [14].
>
>       TEXT           = <any OCTET except CTLs,
>                        but including LWS>
>
>So you could use realm="=?utf-8?b?..." or
its variants. As you say, in
>theory; I am unaware of any implementation that supports
encoded words
>in HTTP headers..
>-- 
>Bj$B‹S(Bn H$B‹I(Brmann $B%-(B mailto:bjoernhoehrmann.de $B%-(B http://bjoern.hoehrmann.de

>Weinh. Str. 22 $B%-(B Telefon: +49(0)621/4309674
$B%-(B http://www.bjoernsworld.de

>68309 Mannheim $B%-(B PGP Pub. KeyID: 0xA4357E78
$B%-(B http://www.websitedev.de/ 
>_______________________________________________
>Ietf-http-auth mailing list
>Ietf-http-authosafoundation.org
>http://lists.osafoundation.org/cgi-bin/mai
lman/listinfo/ietf-http-auth


#-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama
Gakuin University
#-#-#  http://www.sw.it.aoyama
.ac.jp       mailto:duerstit.aoyama.ac.jp     

_______________________________________________
Ietf-http-auth mailing list
Ietf-http-authosafoundation.org
http://lists.osafoundation.org/cgi-bin/mai
lman/listinfo/ietf-http-auth
Updating RFC 2617 (HTTP Digest) to use UTF-8
user name
 2006-09-26 07:39:07 
Am 26.09.2006 um 03:56 schrieb Martin Duerst:

>
> I agree with Julian and Bjoern here: IN THEORY, RFC
2047
> (http://www.ietf.o
rg/rfc/rfc2047.txt) (except for iso-8859-1)
> would apply, but:
> - it's not a very good theory: outdated because based
on a view
>   that the Web is basically iso-8859-1, and difficult
to implement
> - practice is different
> - IETF policy is different

For interoperability, the encoding of usernames and
passwords seems  
to be most interesting. If the encoding of the realm is
misunderstood  
by the client (in a deterministic way) then interop could
still be  
achieved, right?

//Stefan

> Regards,    Martin.
>
> At 09:48 06/09/26, Bjoern Hoehrmann wrote:
>> * Julian Reschke wrote:
>>> Jim Luther schrieb:
>>>> While we're on this subject... In rfc2617
secction 3.2.1, it says:
>>>>
>>>>> realm
>>>>>      A string to be displayed to users
so they know which  
>>>>> username and
>>>>>      password to use.
>>>>
>>>> It would be also nice to define the
encoding of the realm string  
>>>> so that
>>>> clients that display the realm to users can
display it  
>>>> correctly. We've
>>>> seen realms from servers encoded UTF-8,
ISO-8859-1, and with  
>>>> various
>>>> Windows encodings. There's no good way to
guess which encoding  
>>>> to use
>>>> and so whatever is used is currently wrong
on some servers.
>>
>>> I was thinking "should be UTF-8, of
course". But doesn't really  
>>> RFC2045
>>> apply here at least in theory?
>>
>> The realm-value is a quoted-string, and
quoted-string is defined as
>>
>>       quoted-string  = ( <"> *(qdtext |
quoted-pair ) <"> )
>>       qdtext         = <any TEXT except
<">>
>>
>> and TEXT is
>>
>>   The TEXT rule is only used for descriptive field
contents and  
>> values
>>   that are not intended to be interpreted by the
message parser.  
>> Words
>>   of *TEXT MAY contain characters from character
sets other than ISO-
>>   8859-1 [22] only when encoded according to the
rules of RFC 2047
>>   [14].
>>
>>       TEXT           = <any OCTET except CTLs,
>>                        but including LWS>
>>
>> So you could use realm="=?utf-8?b?..."
or its variants. As you  
>> say, in
>> theory; I am unaware of any implementation that
supports encoded  
>> words
>> in HTTP headers..
>> -- 
>> Bj�n H�rmann キ mailto:bjoernhoehrmann.de キ http:// 
>> bjoern.hoehrmann.de
>> Weinh. Str. 22 ã‚­ Telefon: +49(0)621/4309674 ã‚­
http:// 
>> www.bjoernsworld.de
>> 68309 Mannheim ã‚­ PGP Pub. KeyID: 0xA4357E78 ã‚­
http:// 
>> www.websitedev.de/
>> _______________________________________________
>> Ietf-http-auth mailing list
>> Ietf-http-authosafoundation.org
>> http://lists.osafoundation.org/cgi-bin/mailman
/listinfo/ietf-http- 
>> auth
>
>
> #-#-#  Martin J. Du"rst, Assoc. Professor, Aoyama
Gakuin University
> #-#-#  http://www.sw.it.aoyama
.ac.jp        
> mailto:duerstit.aoyama.ac.jp
>
>

_______________________________________________
Ietf-http-auth mailing list
Ietf-http-authosafoundation.org
http://lists.osafoundation.org/cgi-bin/mai
lman/listinfo/ietf-http-auth
Updating RFC 2617 (HTTP Digest) to use UTF-8
user name
 2006-09-26 07:42:08 
Am 26.09.2006 um 09:39 schrieb Stefan Eissing:

>
> Am 26.09.2006 um 03:56 schrieb Martin Duerst:
>
>>
>> I agree with Julian and Bjoern here: IN THEORY, RFC
2047
>> (http://www.ietf.o
rg/rfc/rfc2047.txt) (except for iso-8859-1)
>> would apply, but:
>> - it's not a very good theory: outdated because
based on a view
>>   that the Web is basically iso-8859-1, and
difficult to implement
>> - practice is different
>> - IETF policy is different
>
> For interoperability, the encoding of usernames and
passwords seems  
> to be most interesting. If the encoding of the realm is
 
> misunderstood by the client (in a deterministic way)
then interop  
> could still be achieved, right?

To answer myself: not in digest authentication, stupid.

//Stefan

> //Stefan
>
>> Regards,    Martin.
>>
>> At 09:48 06/09/26, Bjoern Hoehrmann wrote:
>>> * Julian Reschke wrote:
>>>> Jim Luther schrieb:
>>>>> While we're on this subject... In
rfc2617 secction 3.2.1, it says:
>>>>>
>>>>>> realm
>>>>>>      A string to be displayed to
users so they know which  
>>>>>> username and
>>>>>>      password to use.
>>>>>
>>>>> It would be also nice to define the
encoding of the realm  
>>>>> string so that
>>>>> clients that display the realm to users
can display it  
>>>>> correctly. We've
>>>>> seen realms from servers encoded UTF-8,
ISO-8859-1, and with  
>>>>> various
>>>>> Windows encodings. There's no good way
to guess which encoding  
>>>>> to use
>>>>> and so whatever is used is currently
wrong on some servers.
>>>
>>>> I was thinking "should be UTF-8, of
course". But doesn't really  
>>>> RFC2045
>>>> apply here at least in theory?
>>>
>>> The realm-value is a quoted-string, and
quoted-string is defined as
>>>
>>>       quoted-string  = ( <">
*(qdtext | quoted-pair ) <"> )
>>>       qdtext         = <any TEXT except
<">>
>>>
>>> and TEXT is
>>>
>>>   The TEXT rule is only used for descriptive
field contents and  
>>> values
>>>   that are not intended to be interpreted by
the message parser.  
>>> Words
>>>   of *TEXT MAY contain characters from
character sets other than  
>>> ISO-
>>>   8859-1 [22] only when encoded according to
the rules of RFC 2047
>>>   [14].
>>>
>>>       TEXT           = <any OCTET except
CTLs,
>>>                        but including LWS>
>>>
>>> So you could use
realm="=?utf-8?b?..." or its variants. As you  
>>> say, in
>>> theory; I am unaware of any implementation that
supports encoded  
>>> words
>>> in HTTP headers..
>>> -- 
>>> Bj�n H�rmann キ mailto:bjoernhoehrmann.de キ http:// 
>>> bjoern.hoehrmann.de
>>> Weinh. Str. 22 ã‚­ Telefon: +49(0)621/4309674
ã‚­ http:// 
>>> www.bjoernsworld.de
>>> 68309 Mannheim ã‚­ PGP Pub. KeyID: 0xA4357E78
ã‚­ http:// 
>>> www.websitedev.de/
>>> _______________________________________________
>>> Ietf-http-auth mailing list
>>> Ietf-http-authosafoundation.org
>>> http://lists.osafoundation.org/cgi-bin/mailman
/listinfo/ietf-http- 
>>> auth
>>
>>
>> #-#-#  Martin J. Du"rst, Assoc. Professor,
Aoyama Gakuin University
>> #-#-#  http://www.sw.it.aoyama
.ac.jp        
>> mailto:duerstit.aoyama.ac.jp
>>
>>
>
> _______________________________________________
> Ietf-http-auth mailing list
> Ietf-http-authosafoundation.org
> http://lists.osafoundation.org/cgi-bin/mai
lman/listinfo/ietf-http-auth

_______________________________________________
Ietf-http-auth mailing list
Ietf-http-authosafoundation.org
http://lists.osafoundation.org/cgi-bin/mai
lman/listinfo/ietf-http-auth
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )