An Encoding Parameter for HTTP Basic Authentication

The information below is for an old version of the document
Document Type Expired Internet-Draft (httpauth WG)
Last updated 2014-01-01 (latest revision 2013-06-30)
Replaces draft-reschke-basicauth-enc
Replaced by draft-ietf-httpauth-basicauth-update, rfc7617
Stream IETF
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream WG state WG Document
Document shepherd None
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


The "Basic" authentication scheme defined in RFC 2617 does not properly define how to treat non-ASCII characters. This has led to a situation where user agent implementations disagree, and servers make different assumptions based on the locales they are running in. There is little interoperability for the non-ASCII characters in the ISO-8859-1 character repertoire, and even less interoperability for any characters beyond that. This document defines a backwards-compatible extension to "Basic", specifying the server's character encoding scheme expectation, using a new authentication scheme parameter.


Julian Reschke (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)