Hello Dennis, i will try to explain my interpretation.
The important sentence in RFC-2392 is: A "cid" URL is converted to the corresponding Content-ID message header [MIME] by removing the "cid:" prefix, converting the % encoded character to their equivalent US-ASCII characters" And especially the last part "converting the % encoded character to their equivalent US-ASCII characters" explictly define a decode, which now no longer exist. I think the problem is the example in the specification, which do not comply to this definition. But this is already covered since year 2000 *by a errata for RFC-2392* https://www.rfc-editor.org/errata/rfc2392 This errata contain the correct example that comply with the text: I think the definition make sense. The value behind "cid:" must be URI encoded, since in must be a valid URI. The HTTP header Content-ID has not limitation to be encoded. Do you agree with my interpretation? If yes, than we shall create an issue on CXF side and request a rollback the changes done with CXF-7317 Thank you, Kind regards, Thomas -- Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html