Re: [OAUTH-WG] Discussion needed on username and password ABNF definitions
"Manger, James H" <James.H.Manger@team.telstra.com> Mon, 11 June 2012 15:36 UTC

Are we so sure the non-English "half" of the world only use ASCII characters in passwords? Sounds highly unlikely to me.

> Given that, as you confirmed, UTF-8 "doesn't work with Basic and Digest"...

It can work. It is just underspecified. So things can get messy. draft-reschke-basicauth-enc-05 is a current draft (March 2012) attempting to fix this as much as possible.

Forcing ASCII passwords on people feels unacceptable. Better would be to say OAuth servers accepting HTTP BASIC MUST accept UTF-8 encoded usernames and passwords. A warning about interop problems with non-ASCII passwords is OK.

ASCII-only for usernames is almost as bad. I thought internationalized email addresses were just standardized, and email addresses are often used as usernames.

For client id & password ASCII-only is less of an issue. These are values configured into apps, not remembered by human brains.

--
James Manger
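
Added example (not part of the original message, and not code from the draft it cites): a Python sketch of the interop problem discussed above, where the client and the server each pick a charset for HTTP Basic credentials. The sample credentials and the function names are constructed for illustration.

```python
import base64

USER, PASSWORD = "josé", "pässwörd:1"  # constructed sample credentials


def basic_header(user, password, charset):
    """Build the Authorization header as a client using `charset` would."""
    raw = f"{user}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header, charset="utf-8"):
    """Server side: return (user, password), or None if undecodable.

    Decoding is strict, so octets that are invalid in `charset` are
    rejected instead of being silently replaced.
    """
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode(charset, errors="strict")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: the password may itself contain ':'.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def interop_matrix():
    """Decode the sample under every client/server charset pairing."""
    out = {}
    for client in ("utf-8", "iso-8859-1"):
        header = basic_header(USER, PASSWORD, client)
        for server in ("utf-8", "iso-8859-1"):
            out[(client, server)] = parse_basic(header, server)
    return out


if __name__ == "__main__":
    for (client, server), creds in interop_matrix().items():
        match = creds == (USER, PASSWORD)
        print(f"client={client:<10} server={server:<10} match={match} -> {creds}")
```

A strict UTF-8 server rejects the ISO-8859-1 header outright, while an ISO-8859-1 server decodes the UTF-8 header without error into different characters, so the credential comparison fails with no sign that the charset was the cause.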