Re: [OAUTH-WG] What to do about 'realm'
Yaron Goland <yarong@microsoft.com> Fri, 16 July 2010 18:20 UTC
Return-Path: <yarong@microsoft.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EC1463A6AC9 for <oauth@core3.amsl.com>; Fri, 16 Jul 2010 11:20:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.549
X-Spam-Level:
X-Spam-Status: No, score=-11.549 tagged_above=-999 required=5 tests=[AWL=1.050, BAYES_00=-2.599, GB_I_LETTER=-2, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQBF9S5EkU1O for <oauth@core3.amsl.com>; Fri, 16 Jul 2010 11:20:56 -0700 (PDT)
Received: from smtp.microsoft.com (mail1.microsoft.com [131.107.115.212]) by core3.amsl.com (Postfix) with ESMTP id D5A2D3A6A56 for <oauth@ietf.org>; Fri, 16 Jul 2010 11:20:55 -0700 (PDT)
Received: from TK5EX14MLTC104.redmond.corp.microsoft.com (157.54.79.159) by TK5-EXGWY-E801.partners.extranet.microsoft.com (10.251.56.50) with Microsoft SMTP Server (TLS) id 8.2.176.0; Fri, 16 Jul 2010 11:21:04 -0700
Received: from TK5EX14MBXC113.redmond.corp.microsoft.com ([169.254.6.44]) by TK5EX14MLTC104.redmond.corp.microsoft.com ([157.54.79.159]) with mapi id 14.01.0180.004; Fri, 16 Jul 2010 11:21:06 -0700
From: Yaron Goland <yarong@microsoft.com>
To: Robert Sayre <sayrer@gmail.com>
Thread-Topic: [OAUTH-WG] What to do about 'realm'
Thread-Index: AcsWZA3VaAGfBKT6Rq+fJ1qCaXCqogKnLTUAABpFMgAABm2JgAAKYjcAAD86ilAAG/jAgAB+QVdg
Date: Fri, 16 Jul 2010 18:21:02 +0000
Message-ID: <7C01E631FF4B654FA1E783F1C0265F8C5F998076@TK5EX14MBXC113.redmond.corp.microsoft.com>
References: <AANLkTil8wp2A6JN_td7hwSAttPH6dG_U6PPakb6-vlsb@mail.gmail.com> <C85FDA20.3701A%eran@hueniverse.com> <7C01E631FF4B654FA1E783F1C0265F8C5F991033@TK5EX14MBXC113.redmond.corp.microsoft.com> <AANLkTimlZowDSwOoOgVStDYAJnRdYB1jtH9OdDVagxqE@mail.gmail.com>
In-Reply-To: <AANLkTimlZowDSwOoOgVStDYAJnRdYB1jtH9OdDVagxqE@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.123.12]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] What to do about 'realm'
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2010 18:20:57 -0000
That's my point. The spec says " Words of *TEXT MAY contain characters from character sets other than ISO- 8859-1 [22] only when encoded according to the rules of RFC 2047 [14]." But since RFC 2047 is a dead letter as a practical matter the only safe way to move non-ASCII content in a HTTP header is to use some form of ASCII encoding. So, for example, we couldn't use UTF-16 because it produces characters that aren't safe in ASCII. > -----Original Message----- > From: Robert Sayre [mailto:sayrer@gmail.com] > Sent: Tuesday, July 13, 2010 4:01 PM > To: Yaron Goland > Cc: Eran Hammer-Lahav; OAuth WG > Subject: Re: [OAUTH-WG] What to do about 'realm' > > On Tue, Jul 13, 2010 at 9:46 AM, Yaron Goland <yarong@microsoft.com> > wrote: > > As defined in section 4.2 of RFC 2616 the only characters legally allowed in a > HTTP header are a fairly small subset of ASCII. > > I don't think that is correct. The definition of the TEXT rule in section 2.2 > allows most octets. It also references RFC 2047, but I don't think many > implementations actually support that RFC. > > > -- > > Robert Sayre > > "I would have written a shorter letter, but I did not have the time."
- Re: [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav
- Re: [OAUTH-WG] What to do about 'realm' Dick Hardt
- [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav
- Re: [OAUTH-WG] What to do about 'realm' Lukas Rosenstock
- Re: [OAUTH-WG] What to do about 'realm' Pid
- Re: [OAUTH-WG] What to do about 'realm' William Mills
- Re: [OAUTH-WG] What to do about 'realm' Torsten Lodderstedt
- Re: [OAUTH-WG] What to do about 'realm' Yaron Goland
- Re: [OAUTH-WG] What to do about 'realm' Brian Eaton
- Re: [OAUTH-WG] What to do about 'realm' Robert Sayre
- Re: [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav
- Re: [OAUTH-WG] What to do about 'realm' Manger, James H
- Re: [OAUTH-WG] What to do about 'realm' Eve Maler
- Re: [OAUTH-WG] What to do about 'realm' Robert Sayre
- Re: [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav
- Re: [OAUTH-WG] What to do about 'realm' William Mills
- Re: [OAUTH-WG] What to do about 'realm' Yaron Goland
- Re: [OAUTH-WG] What to do about 'realm' Robert Sayre
- Re: [OAUTH-WG] What to do about 'realm' Yaron Goland
- Re: [OAUTH-WG] What to do about 'realm' Brian Eaton
- Re: [OAUTH-WG] What to do about 'realm' Eran Hammer-Lahav