RE: [TLS] Review of draft-housley-tls-authz-extns-05

> -----Original Message-----
> From: Pasi.Eronen@nokia.com [mailto:Pasi.Eronen@nokia.com] 
> Sent: Monday, June 05, 2006 5:00 AM
> To: hartmans-ietf@mit.edu
> Cc: mark@redphonesecurity.com; tls@ietf.org
> Subject: RE: [TLS] Review of draft-housley-tls-authz-extns-05
> 
> Sam Hartman wrote:
> 
> > p> We also need to specify the character-to-octet encoding (UTF-8
> > p> would be the most logical alternative).
> > 
> > It's my understanding that saying it is XML already gives us that:
> > mandatory UTF8 or UTF16 support at the encoder's option.
> 
> Yes, but the recipient has to know which encoding was used (others 
> than UTF8/UTF16 are permitted). 
> 
> In a complete XML document, the XML declaration usually contains 
> this information (e.g. "<?xml encoding='UTF-8'?>">, but currently
> the AuthorizationData contains just one Assertion element, not
> a complete document.
> 
> I'm not really an XML expert, but I think the options available
> to use would be including this information in the "transport"
> (e.g., specify it's UTF-8, or include a field for encoding name),
> or mandating that AuthorizationData has to include the XML text
> declaration before the Assertion element.
> 
> Any opinions from XML experts?

Section 5.1 of RFC 3470/BCP 70 includes relevant text.  In a nutshell,
UTF-8 is a MUST if you're using XML.  UTF-16 is recommended since you
get it for free with XML parsers, but it's not required.  An XML
declaration is not needed if you're using either UTF-8 or UTF-16.  A
byte order mark is required with UTF-16.  Other encodings are possible,
but if something else is used it must be identified with an appropriate
XML declaration.

-Scott-

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls