[OAUTH-WG] draft-ietf-oauth-v2-bearer-13: character encoding in form data

Julian Reschke <julian.reschke@gmx.de> Mon, 31 October 2011 17:02 UTC

Hi there,

I note that sending data using form-encoding 
(<https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-13#section-2.2>) is 
still [0] underspecified.

To encode data using the "application/x-www-form-urlencoded" media type, 
the producer needs to first map characters to octets, and only then can 
produce the body. HTML 4.01 doesn't mention this, mainly because it's 
implied by related information, such as the character encoding of the 
page containing the form, and attributes on the HTML form elements.

This information doesn't apply here, so senders are left in the dark 
about how to get to the octet sequence they need. This may not be a 
problem for US-ASCII (because there's an "obvious" way to do that), but 
it is for everything else.

The spec may not need non-ASCII characters in the predefined parameters, 
but it does allow extension parameters, and thus their handling isn't 
completely specified.

Note that this issue would be more obvious if the spec did cite HTML5 
for the definition of the media type.

Also note that a similar problem applies to the URI encoding, defined in 
<https://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-13#section-2.3>.

There are two simple ways to resolve this issue:

1) Disallow non-ASCII characters in extension parameters, or

2) Specify the character encoding to use (such as UTF-8).

Best regards, Julian


[0] <https://www.ietf.org/mail-archive/web/oauth/current/msg07731.html>
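
Added example, not part of the original message: a Python sketch of the ambiguity described above, showing the same form parameters encoded under two character encodings and a receiver applying each of the two proposed resolutions. The parameter name "ext_note" and all values are constructed for illustration; the function names are hypothetical.

```python
from urllib.parse import urlencode, parse_qsl

# Constructed sample. "access_token" is the draft's body parameter;
# "ext_note" is a hypothetical extension parameter with a non-ASCII value.
ASCII_ONLY = [("access_token", "example-token")]
WITH_EXT = ASCII_ONLY + [("ext_note", "Zürich")]


def encode_body(params, charset):
    """Sender: map characters to octets with `charset`, then percent-encode."""
    return urlencode(params, encoding=charset)


def decode_body(body, charset, errors="replace"):
    """Receiver: percent-decode to octets, then map octets to characters."""
    return dict(parse_qsl(body, keep_blank_values=True,
                          encoding=charset, errors=errors))


def accept_ascii_only(body):
    """Option 1: refuse any parameter that decodes to non-ASCII octets."""
    decoded = decode_body(body, "iso-8859-1")  # 1:1 octet-to-code-point view
    if not all(k.isascii() and v.isascii() for k, v in decoded.items()):
        raise ValueError("non-ASCII octets in form parameter")
    return decoded


def accept_utf8_only(body):
    """Option 2: the encoding is fixed to UTF-8; invalid sequences are refused."""
    try:
        return decode_body(body, "utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        raise ValueError("form parameter is not valid UTF-8") from exc


if __name__ == "__main__":
    # Each sender encoding, read back under each receiver guess.
    for charset in ("iso-8859-1", "utf-8"):
        body = encode_body(WITH_EXT, charset)
        print(f"{charset:>10} sender -> {body}")
        for guess in ("iso-8859-1", "utf-8"):
            value = decode_body(body, guess)["ext_note"]
            print(f"{'':>13}read as {guess}: {value!r}")
```

With ASCII-only parameters both senders produce the same body; with the extension parameter the bodies differ, and a receiver that guesses the other encoding silently gets a different string unless it applies one of the two strict checks.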