On 2012-06-08 20:09, Mike Jones wrote:
Hi Julian,The current draft restricts username and password to ASCII was because RFC 2616 says this about the TEXT fields used by HTTP Basic in RFC 2617: "Words of *TEXT MAY contain characters from character sets other than ISO-8859-1 [22] only when encoded according to the rules of RFC 2047 [14]." Given that RFC 2047 MIME encodings aren't possible in this context, that you wrote that "If you define new protocol elements, either restrict them to US-ASCII, or find a way to encode all of Unicode", and you and Peter St. Andre wrote that using ISO-8859-1 is a non-starter, that seemed to leave ASCII as the only available choice.
The other choice was "find a way to encode all of Unicode". The way to do this usually is to use UTF-8. That doesn't work with Basic and Digest, but we shouldn't extend this problem to anything new we define.
If you have an alternative proposal for encoding all of Unicode for username and password, I'd appreciate if you could propose specific text changes to -27 to accomplish them. I'd be fine with doing that, but didn't know how to satisfy all the constraints above for Unicode characters. Draft -27 is now available at http://tools.ietf.org/html/draft-ietf-oauth-v2-27. ...
I haven't looked at the core OAuth spec. The right answer depends on where you use these protocol elements.
Changing this into a question to the WG: is it acceptable to restrict all of these protocol elements to US-ASCII?
Best regards, Julian _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
