Re: [OAUTH-WG] Discussion needed on username and password ABNF definitions
Julian Reschke <julian.reschke@gmx.de> Sun, 10 June 2012 18:39 UTC
Return-Path: <julian.reschke@gmx.de>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 31AD521F8555 for <oauth@ietfa.amsl.com>; Sun, 10 Jun 2012 11:39:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[AWL=-4.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RBKnsw66gHrI for <oauth@ietfa.amsl.com>; Sun, 10 Jun 2012 11:39:22 -0700 (PDT)
Received: from mailout-de.gmx.net (mailout-de.gmx.net [213.165.64.22]) by ietfa.amsl.com (Postfix) with SMTP id 3DFD721F8550 for <oauth@ietf.org>; Sun, 10 Jun 2012 11:39:22 -0700 (PDT)
Received: (qmail invoked by alias); 10 Jun 2012 18:39:21 -0000
Received: from p5DD95838.dip.t-dialin.net (EHLO [192.168.178.36]) [93.217.88.56] by mail.gmx.net (mp004) with SMTP; 10 Jun 2012 20:39:21 +0200
X-Authenticated: #1915285
X-Provags-ID: V01U2FsdGVkX189u9A7TNo9I/VtIwrab+p0iu1Ys+gpXYlIbZQ7ln OOaZ+NzS00wrPW
Message-ID: <4FD4E9D4.2010808@gmx.de>
Date: Sun, 10 Jun 2012 20:39:16 +0200
From: Julian Reschke <julian.reschke@gmx.de>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20120604 Thunderbird/13.0
MIME-Version: 1.0
To: Mike Jones <Michael.Jones@microsoft.com>
References: <4E1F6AAD24975D4BA5B16804296739436652F52D@TK5EX14MBXC284.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739436652F52D@TK5EX14MBXC284.redmond.corp.microsoft.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Y-GMX-Trusted: 0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Discussion needed on username and password ABNF definitions
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jun 2012 18:39:23 -0000
On 2012-06-08 20:09, Mike Jones wrote: > Hi Julian, > > The current draft restricts username and password to ASCII was because RFC 2616 says this about the TEXT fields used by HTTP Basic in RFC 2617: > "Words of *TEXT MAY contain characters from character sets other than > ISO-8859-1 [22] only when encoded according to the rules of > RFC 2047 [14]." > > Given that RFC 2047 MIME encodings aren't possible in this context, that you wrote that "If you define new protocol elements, either restrict them to US-ASCII, or find a way to encode all of Unicode", and you and Peter St. Andre wrote that using ISO-8859-1 is a non-starter, that seemed to leave ASCII as the only available choice. The other choice was "find a way to encode all of Unicode". The way to do this usually is to use UTF-8. That doesn't work with Basic and Digest, but we shouldn't extend this problem to anything new we define. > If you have an alternative proposal for encoding all of Unicode for username and password, I'd appreciate if you could propose specific text changes to -27 to accomplish them. I'd be fine with doing that, but didn't know how to satisfy all the constraints above for Unicode characters. Draft -27 is now available at http://tools.ietf.org/html/draft-ietf-oauth-v2-27. > ... I haven't looked at the core OAuth spec. The right answer depends on where you use these protocol elements. Changing this into a question to the WG: is it acceptable to restrict all of these protocol elements to US-ASCII? Best regards, Julian
- [OAUTH-WG] Discussion needed on username and pass… Mike Jones
- Re: [OAUTH-WG] Discussion needed on username and … Julian Reschke
- Re: [OAUTH-WG] Discussion needed on username and … Mike Jones
- Re: [OAUTH-WG] Discussion needed on username and … Phil Hunt
- Re: [OAUTH-WG] Discussion needed on username and … Mike Jones
- Re: [OAUTH-WG] Discussion needed on username and … John Bradley
- Re: [OAUTH-WG] Discussion needed on username and … Julian Reschke
- Re: [OAUTH-WG] Discussion needed on username and … Mike Jones
- Re: [OAUTH-WG] Discussion needed on username and … John Bradley
- Re: [OAUTH-WG] Discussion needed on username and … Manger, James H
- Re: [OAUTH-WG] Discussion needed on username and … Mike Jones
- Re: [OAUTH-WG] Discussion needed on username and … Julian Reschke
- Re: [OAUTH-WG] Discussion needed on username and … Linlin Zhou
- Re: [OAUTH-WG] Discussion needed on username and … Hannes Tschofenig
- Re: [OAUTH-WG] Discussion needed on username and … William Mills
- Re: [OAUTH-WG] Discussion needed on username and … Mike Jones
- Re: [OAUTH-WG] Discussion needed on username and … Eran Hammer
- Re: [OAUTH-WG] Discussion needed on username and … George Fletcher
- Re: [OAUTH-WG] Discussion needed on username and … Eran Hammer
- Re: [OAUTH-WG] Discussion needed on username and … Mike Jones
- [OAUTH-WG] Dynamic clients, URI, and stuff Re: Di… William Mills
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Eran Hammer
- Re: [OAUTH-WG] Discussion needed on username and … William Mills
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Jianhua Shao
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Eve Maler
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Jianhua Shao
- Re: [OAUTH-WG] Dynamic clients, URI, and stuff Re… Eve Maler