Internet Engineering Task Force (IETF) J. Reschke Request for Comments: 8187 greenbytes Obsoletes: 5987 September 2017 Category: Standards Track ISSN: 2070-1721
互联网工程任务组(IETF)J.Reschke征求意见:8187 greenbytes淘汰:5987 2017年9月类别:标准跟踪ISSN:2070-1721
Indicating Character Encoding and Language for HTTP Header Field Parameters
指示HTTP标头字段参数的字符编码和语言
Abstract
摘要
By default, header field values in Hypertext Transfer Protocol (HTTP) messages cannot easily carry characters outside the US-ASCII coded character set. RFC 2231 defines an encoding mechanism for use in parameters inside Multipurpose Internet Mail Extensions (MIME) header field values. This document specifies an encoding suitable for use in HTTP header fields that is compatible with a simplified profile of the encoding defined in RFC 2231.
默认情况下,超文本传输协议(HTTP)消息中的标题字段值不能轻松携带US-ASCII编码字符集之外的字符。RFC 2231定义了一种编码机制,用于多用途Internet邮件扩展(MIME)头字段值内的参数。本文档指定了适合在HTTP头字段中使用的编码,该编码与RFC 2231中定义的简化编码配置文件兼容。
This document obsoletes RFC 5987.
本文件淘汰RFC 5987。
Status of This Memo
关于下段备忘
This is an Internet Standards Track document.
这是一份互联网标准跟踪文件。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
本文件是互联网工程任务组(IETF)的产品。它代表了IETF社区的共识。它已经接受了公众审查,并已被互联网工程指导小组(IESG)批准出版。有关互联网标准的更多信息,请参见RFC 7841第2节。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8187.
有关本文件当前状态、任何勘误表以及如何提供反馈的信息,请访问https://www.rfc-editor.org/info/rfc8187.
Copyright Notice
版权公告
Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
版权所有(c)2017 IETF信托基金和确定为文件作者的人员。版权所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of
本文件受BCP 78和IETF信托有关IETF文件的法律规定的约束(https://trustee.ietf.org/license-info)自本文件出版之日起生效。请仔细阅读这些文件,因为它们描述了您对本文件的权利和限制。从本文件中提取的代码组件必须包括简化的BSD许可证文本,如本规范第4.e节所述
the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
如简化的BSD许可证所述,信托法律条款和许可证不提供任何担保。
Table of Contents
目录
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Notational Conventions . . . . . . . . . . . . . . . . . . . 3 3. Comparison to RFC 2231 and Definition of the Encoding . . . . 3 3.1. Parameter Continuations . . . . . . . . . . . . . . . . . 4 3.2. Parameter Value Character Encoding and Language Information . . . . . . . . . . . . . . . . . . . . . . . 4 3.2.1. Definition . . . . . . . . . . . . . . . . . . . . . 4 3.2.2. Historical Notes . . . . . . . . . . . . . . . . . . 6 3.2.3. Examples . . . . . . . . . . . . . . . . . . . . . . 6 3.3. Language Specification in Encoded Words . . . . . . . . . 7 4. Guidelines for Usage in HTTP Header Field Definitions . . . . 7 4.1. When to Use the Extension . . . . . . . . . . . . . . . . 8 4.2. Error Handling . . . . . . . . . . . . . . . . . . . . . 8 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 7.1. Normative References . . . . . . . . . . . . . . . . . . 9 7.2. Informative References . . . . . . . . . . . . . . . . . 10 Appendix A. Changes from RFC 5987 . . . . . . . . . . . . . . . 12 Appendix B. Implementation Report . . . . . . . . . . . . . . . 12 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 13 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Notational Conventions . . . . . . . . . . . . . . . . . . . 3 3. Comparison to RFC 2231 and Definition of the Encoding . . . . 3 3.1. Parameter Continuations . . . . . . . . . . . . . . . . . 4 3.2. Parameter Value Character Encoding and Language Information . . . . . . . . . . . . . . . . . . . . . . . 4 3.2.1. Definition . . . . . . . . . . . . . . . . . . . . . 4 3.2.2. Historical Notes . . . . . . . . . . . . . . . . . . 6 3.2.3. Examples . . . . . . . . . . . . . . . . . . . . . . 6 3.3. Language Specification in Encoded Words . . . . . . . . . 7 4. Guidelines for Usage in HTTP Header Field Definitions . . . . 7 4.1. When to Use the Extension . . . . . . . . . . . . . . . . 8 4.2. Error Handling . . . . . . . . . . . . . . . . . . . . . 8 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 7.1. Normative References . . . . . . . . . . . . . . . . . . 9 7.2. Informative References . . . . . . . . . . . . . . . . . 10 Appendix A. Changes from RFC 5987 . . . . . . . . . . . . . . . 12 Appendix B. Implementation Report . . . . . . . . . . . . . . . 12 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 13 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13
Use of characters outside the US-ASCII coded character set ([RFC0020]) in HTTP header fields ([RFC7230]) is non-trivial:
在HTTP头字段([RFC7230])中使用US-ASCII编码字符集([RFC0020])之外的字符是非常重要的:
o The HTTP specification discourages use of non-US-ASCII characters in field values, placing them into the "obs-text" Augmented Backus-Naur Form (ABNF) production ([RFC7230], Section 3.2).
o HTTP规范不鼓励在字段值中使用非美国ASCII字符,将其放入“obs文本”增强的巴科斯瑙格式(ABNF)产品中([RFC7230],第3.2节)。
o Furthermore, it stays silent about default character encoding schemes for field values, so any use of non-US-ASCII characters would need to be specific to the field definition or would require some other kind of out-of-band information.
o 此外,它对字段值的默认字符编码方案保持沉默,因此任何非US ASCII字符的使用都需要特定于字段定义,或者需要一些其他类型的带外信息。
o Finally, some APIs assume a default character encoding scheme in order to map from the octet sequences (obtained from the HTTP message) to character sequences: for instance, the XMLHttpRequest API ([XMLHttpRequest]) uses the Interface Definition Language type "ByteString", effectively resulting in the ISO-8859-1 character encoding scheme ([ISO-8859-1]) being used.
o 最后,一些API采用默认字符编码方案,以便从八位字节序列(从HTTP消息中获得)映射到字符序列:例如,XMLHttpRequest API([XMLHttpRequest])使用接口定义语言类型“ByteString”,有效地产生ISO-8859-1字符编码方案([ISO-8859-1])正在使用。
On the other hand, RFC 2231 defines an encoding mechanism for parameters inside MIME header fields ([RFC2231]), which, as opposed to HTTP messages, do need to be sent over non-binary transports. This document specifies an encoding suitable for use in HTTP header fields that is compatible with a simplified profile of the encoding defined in RFC 2231. It can be applied to any HTTP header field that uses the common "parameter" ("name=value") syntax.
另一方面,RFC 2231为MIME头字段([RFC2231])内的参数定义了一种编码机制,与HTTP消息相反,它确实需要通过非二进制传输发送。本文档指定了适合在HTTP头字段中使用的编码,该编码与RFC 2231中定义的简化编码配置文件兼容。它可以应用于任何使用公共“参数”(“name=value”)语法的HTTP头字段。
This document obsoletes [RFC5987] and moves it to "Historic" status; the changes are summarized in Appendix A.
本文件淘汰[RFC5987]并将其移至“历史”状态;附录A总结了这些变化。
Note: In the remainder of this document, RFC 2231 is only referenced for the purpose of explaining the choice of features that were adopted; therefore, they are purely informative.
注:在本文件的其余部分中,RFC 2231仅用于解释所采用特征的选择;因此,它们纯粹是信息性的。
Note: This encoding does not apply to message payloads transmitted over HTTP, such as when using the media type "multipart/form-data" ([RFC7578]).
注意:此编码不适用于通过HTTP传输的消息有效负载,例如使用媒体类型“multipart/form data”([RFC7578])。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“建议”、“不建议”、“可”和“可选”应按照[RFC2119]中的说明进行解释。
This specification uses the ABNF notation defined in [RFC5234]. The following core rules are included by reference, as defined in [RFC5234], Appendix B.1: ALPHA (letters), DIGIT (decimal 0-9), HEXDIG (hexadecimal 0-9/A-F/a-f), and LWSP (linear whitespace).
本规范使用[RFC5234]中定义的ABNF符号。参考[RFC5234]附录B.1中定义的以下核心规则:字母(字母)、数字(十进制0-9)、十六进制数字(十六进制0-9/A-F/A-F)和LWSP(线性空白)。
This specification uses terminology defined in [RFC6365], namely: "character encoding scheme" (abbreviated to "character encoding" below), "charset", and "coded character set".
本规范使用[RFC6365]中定义的术语,即:“字符编码方案”(以下简称“字符编码”)、“字符集”和“编码字符集”。
Note that this differs from RFC 2231, which uses the term "character set" for "character encoding scheme".
注意,这与RFC 2231不同,RFC 2231使用术语“字符集”表示“字符编码方案”。
RFC 2231 defines several extensions to MIME. The sections below discuss if and how they apply to HTTP header fields.
RFC 2231定义了MIME的几个扩展。以下各节讨论它们是否以及如何应用于HTTP头字段。
In short:
简言之:
o Parameter Continuations aren't needed (Section 3.1),
o 不需要参数延续(第3.1节),
o Character Encoding and Language Information are useful, therefore a simple subset is specified (Section 3.2), and
o 字符编码和语言信息非常有用,因此指定了一个简单的子集(第3.2节),并且
o Language Specifications in Encoded Words aren't needed (Section 3.3).
o 不需要编码单词中的语言规范(第3.3节)。
Section 3 of [RFC2231] defines a mechanism that deals with the length limitations that apply to MIME headers. These limitations do not apply to HTTP ([RFC7231], Appendix A.6).
[RFC2231]的第3节定义了一种处理适用于MIME头的长度限制的机制。这些限制不适用于HTTP([RFC7231],附录A.6)。
Thus, parameter continuations are not part of the encoding defined by this specification.
因此,参数连续性不是本规范定义的编码的一部分。
Section 4 of [RFC2231] specifies how to embed language information into parameter values and also how to encode non-ASCII characters, dealing with restrictions both in MIME and HTTP header field parameters.
[RFC2231]的第4节规定了如何将语言信息嵌入参数值,以及如何编码非ASCII字符,以处理MIME和HTTP头字段参数中的限制。
However, RFC 2231 does not specify a mandatory-to-implement character encoding, making it hard for senders to decide which encoding to use. Thus, recipients implementing this specification MUST support the "UTF-8" character encoding [RFC3629].
但是,RFC 2231没有指定实现字符编码的强制命令,这使得发送者很难决定使用哪种编码。因此,实现此规范的收件人必须支持“UTF-8”字符编码[RFC3629]。
Furthermore, RFC 2231 allows the character encoding information to be left out. The encoding defined by this specification does not allow that.
此外,RFC 2231允许省略字符编码信息。本规范定义的编码不允许这样做。
The presence of extended parameter values is usually indicated by a parameter name ending in an asterisk character. However, note that this is just a convention, and that the extended parameter values need to be explicitly specified in the definition of the header field using this extension (see Section 4).
扩展参数值的存在通常由以星号字符结尾的参数名称表示。但是,请注意,这只是一种约定,需要在使用此扩展的头字段定义中显式指定扩展参数值(请参见第4节)。
The ABNF for extended parameter values is specified below:
扩展参数值的ABNF规定如下:
ext-value = charset "'" [ language ] "'" value-chars ; like RFC 2231's <extended-initial-value> ; (see [RFC2231], Section 7)
ext-value = charset "'" [ language ] "'" value-chars ; like RFC 2231's <extended-initial-value> ; (see [RFC2231], Section 7)
charset = "UTF-8" / mime-charset
charset=“UTF-8”/mime字符集
mime-charset = 1*mime-charsetc mime-charsetc = ALPHA / DIGIT / "!" / "#" / "$" / "%" / "&" / "+" / "-" / "^" / "_" / "`" / "{" / "}" / "~" ; as <mime-charset> in Section 2.3 of [RFC2978] ; except that the single quote is not included ; SHOULD be registered in the IANA charset registry
mime-charset = 1*mime-charsetc mime-charsetc = ALPHA / DIGIT / "!" / "#" / "$" / "%" / "&" / "+" / "-" / "^" / "_" / "`" / "{" / "}" / "~" ; as <mime-charset> in Section 2.3 of [RFC2978] ; except that the single quote is not included ; SHOULD be registered in the IANA charset registry
language = <Language-Tag, see [RFC5646], Section 2.1>
language = <Language-Tag, see [RFC5646], Section 2.1>
value-chars = *( pct-encoded / attr-char )
value-chars = *( pct-encoded / attr-char )
pct-encoded = "%" HEXDIG HEXDIG ; see [RFC3986], Section 2.1
pct编码=“%”HEXDIG HEXDIG;参见[RFC3986],第2.1节
attr-char = ALPHA / DIGIT / "!" / "#" / "$" / "&" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" ; token except ( "*" / "'" / "%" )
attr-char = ALPHA / DIGIT / "!" / "#" / "$" / "&" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" ; token except ( "*" / "'" / "%" )
The value part of an extended parameter (ext-value) is a token that consists of three parts:
扩展参数(ext value)的值部分是由三部分组成的标记:
1. the REQUIRED character encoding name (charset),
1. 所需的字符编码名称(字符集),
2. the OPTIONAL language information (language), and
2. 可选语言信息(语言),以及
3. a character sequence representing the actual value (value-chars), separated by single quote characters.
3. 表示实际值(值字符)的字符序列,由单引号字符分隔。
Note that both character encoding names and language tags are restricted to the US-ASCII coded character set and are matched case-insensitively (see Section 2.3 of [RFC2978] and Section 2.1.1 of [RFC5646]).
请注意,字符编码名称和语言标记均限于US-ASCII编码字符集,且大小写匹配不敏感(参见[RFC2978]第2.3节和[RFC5646]第2.1.1节)。
Inside the value part, characters not contained in attr-char are encoded into an octet sequence using the specified character encoding. That octet sequence is then percent-encoded as specified in Section 2.1 of [RFC3986].
在值部分中,使用指定的字符编码将attr char中不包含的字符编码为八位字节序列。然后按照[RFC3986]第2.1节的规定对该八位组序列进行百分比编码。
Producers MUST use the "UTF-8" ([RFC3629]) character encoding. Extension character encodings (mime-charset) are reserved for future use.
生产者必须使用“UTF-8”([RFC3629])字符编码。扩展字符编码(mime字符集)保留供将来使用。
Note: Recipients should be prepared to handle encoding errors, such as malformed or incomplete percent escape sequences, or non-decodable octet sequences, in a robust manner. This specification does not mandate any specific behavior; for instance, the following strategies are all acceptable:
注意:接收者应准备好以稳健的方式处理编码错误,例如错误的或不完整的百分比转义序列,或不可解码的八位字节序列。本规范不要求任何特定行为;例如,以下策略都是可以接受的:
* ignoring the parameter,
* 忽略参数,
* stripping a non-decodable octet sequence, and
* 剥离不可解码的八位组序列,以及
* substituting a non-decodable octet sequence by a replacement character, such as the Unicode character U+FFFD (Replacement Character).
* 用替换字符替换不可解码的八位字节序列,例如Unicode字符U+FFFD(替换字符)。
The RFC 7230 token production ([RFC7230], Section 3.2.6) differs from the production used in RFC 2231 (imported from Section 5.1 of [RFC2045]) in that curly braces (i.e., "{" and "}") are excluded. Thus, these two characters are excluded from the attr-char production as well.
RFC 7230代币生产([RFC7230],第3.2.6节)不同于RFC 2231中使用的生产(从[RFC2045]第5.1节导入),因为不包括花括号(即“{”和“}”)。因此,这两个字符也被排除在attr char生成之外。
The <mime-charset> ABNF defined here differs from the one in Section 2.3 of [RFC2978] in that it does not allow the single quote character (see also RFC Errata ID 1912 [Err1912]). In practice, no character encoding names using that character have been registered at the time of this writing.
此处定义的<mime charset>ABNF与[RFC2978]第2.3节中的不同之处在于它不允许使用单引号字符(另请参见RFC勘误表ID 1912[Err1912])。实际上,在撰写本文时,尚未注册使用该字符的字符编码名称。
For backwards compatibility with RFC 2231, the encoding defined by this specification deviates from common parameter syntax in that the quoted-string notation is not allowed. Implementations using generic parser components might not be able to detect the use of quoted-string notation and thus might accept that format, although invalid, as well.
为了向后兼容RFC 2231,本规范定义的编码与通用参数语法不同,不允许使用带引号的字符串表示法。使用通用解析器组件的实现可能无法检测引用字符串表示法的使用,因此可能会接受该格式,尽管该格式无效。
[RFC5987] did require support for ISO-8859-1 ([ISO-8859-1]), too; for compatibility with legacy code, recipients are encouraged to support this encoding as well.
[RFC5987]也需要支持ISO-8859-1([ISO-8859-1]);为了与遗留代码兼容,建议收件人也支持这种编码。
Non-extended notation, using "token":
使用“标记”的非扩展表示法:
foo: bar; title=Economy
foo: bar; title=Economy
Non-extended notation, using "quoted-string":
使用“带引号的字符串”的非扩展表示法:
foo: bar; title="US-$ rates"
foo: bar; title="US-$ rates"
Extended notation, using the Unicode character U+00A3 ("£", POUND SIGN):
扩展符号,使用Unicode字符U+00A3(“£”,磅号):
foo: bar; title*=utf-8'en'%C2%A3%20rates
foo: bar; title*=utf-8'en'%C2%A3%20rates
Note: The Unicode pound sign character U+00A3 was encoded into the octet sequence C2 A3 using the UTF-8 character encoding, and then percent-encoded. Also, note that the space character was encoded as %20, as it is not contained in attr-char.
注意:Unicode磅符号字符U+00A3使用UTF-8字符编码编码到八位字节序列C2 A3中,然后进行百分比编码。另外,请注意空格字符编码为%20,因为它不包含在attr char中。
Extended notation, using the Unicode characters U+00A3 ("£", POUND SIGN) and U+20AC ("€", EURO SIGN):
扩展表示法,使用Unicode字符U+00A3(磅符号)和U+20AC(欧元符号):
foo: bar; title*=UTF-8''%c2%a3%20and%20%e2%82%ac%20rates
foo: bar; title*=UTF-8''%c2%a3%20and%20%e2%82%ac%20rates
Note: The Unicode pound sign character U+00A3 was encoded into the octet sequence C2 A3 using the UTF-8 character encoding, and then percent-encoded. Likewise, the Unicode euro sign character U+20AC was encoded into the octet sequence E2 82 AC, and then percent-encoded. Also note that HEXDIG allows both lowercase and uppercase characters, so recipients must understand both, and that the language information is optional, while the character encoding is not.
注意:Unicode磅符号字符U+00A3使用UTF-8字符编码编码到八位字节序列C2 A3中,然后进行百分比编码。同样,Unicode欧洲符号字符U+20AC被编码到八位字节序列E282ac中,然后进行百分比编码。还请注意,HEXDIG同时允许小写和大写字符,因此收件人必须同时理解这两种字符,并且语言信息是可选的,而字符编码则不是。
Section 5 of [RFC2231] extends the encoding defined in [RFC2047] to also support language specification in encoded words. RFC 2616, the now-obsolete HTTP/1.1 specification, did refer to RFC 2047 ([RFC2616], Section 2.2). However, it wasn't clear to which header field it applied. Consequently, the current revision of the HTTP/1.1 specification has deprecated use of the encoding forms defined in RFC 2047 (see Section 3.2.4 of [RFC7230]).
[RFC2231]第5节扩展了[RFC2047]中定义的编码,以支持编码字中的语言规范。RFC 2616,现在已经过时的HTTP/1.1规范,确实参考了RFC 2047([RFC2616],第2.2节)。但是,不清楚它应用于哪个标题字段。因此,HTTP/1.1规范的当前版本不推荐使用RFC 2047中定义的编码形式(见[RFC7230]第3.2.4节)。
Thus, this specification does not include this feature.
因此,本规范不包括该特性。
Specifications of HTTP header fields that use the extensions defined in Section 3.2 ought to clearly state that. A simple way to achieve this is to normatively reference this specification and to include the ext-value production into the ABNF for specific header field parameters.
使用第3.2节中定义的扩展的HTTP头字段的规范应该清楚地说明这一点。实现这一点的一个简单方法是规范性地引用本规范,并将ext值生成包含到ABNF中,以获得特定的标题字段参数。
For instance:
例如:
foo = token ";" LWSP title-param title-param = "title" LWSP "=" LWSP value / "title*" LWSP "=" LWSP ext-value ext-value = <see RFC 8187, Section 3.2>
foo = token ";" LWSP title-param title-param = "title" LWSP "=" LWSP value / "title*" LWSP "=" LWSP ext-value ext-value = <see RFC 8187, Section 3.2>
Note: The Parameter Value Continuation feature defined in Section 3 of [RFC2231] makes it impossible to have multiple instances of extended parameters with identical names, as the processing of continuations would become ambiguous. Thus, specifications using this extension are advised to disallow this case for compatibility with RFC 2231.
注:[RFC2231]第3节中定义的参数值连续性特征使得扩展参数的多个实例不可能具有相同的名称,因为连续性的处理将变得不明确。因此,为了与RFC 2231兼容,建议使用此扩展的规范不允许这种情况。
Note: This specification does not automatically assign a new interpretation to parameter names ending in an asterisk. As pointed out above, it's up to the specification for the non-extended parameter to "opt in" to the syntax defined here. That being said, some existing implementations are known to automatically switch to using this notation when a parameter name ends with an asterisk; thus, using parameter names ending in an asterisk for something else is likely to cause interoperability problems.
注:本规范不会自动为以星号结尾的参数名称指定新的解释。如上所述,非扩展参数“opt-in”是否符合此处定义的语法取决于规范。也就是说,当参数名以星号结尾时,一些现有的实现会自动切换到使用这种表示法;因此,使用以星号结尾的参数名表示其他内容可能会导致互操作性问题。
Section 4.2 of [RFC2277] requires that protocol elements containing human-readable text be able to carry language information. Thus, the ext-value production ought to always be used when the parameter value is of a textual nature and its language is known.
[RFC2277]第4.2节要求包含人类可读文本的协议元素能够携带语言信息。因此,当参数值具有文本性质且其语言已知时,应始终使用ext值生成。
Furthermore, the extension ought to also be used whenever the parameter value needs to carry characters not present in the US-ASCII coded character set ([RFC0020]); note that it would be unacceptable to define a new parameter that would be restricted to a subset of the Unicode character set.
此外,当参数值需要携带US-ASCII编码字符集([RFC0020])中不存在的字符时,也应使用扩展名;请注意,定义一个仅限于Unicode字符集子集的新参数是不可接受的。
Header field specifications need to define whether multiple instances of parameters with identical names are allowed and how they should be processed. This specification suggests that a parameter using the extended syntax takes precedence. This would allow producers to use both formats without breaking recipients that do not understand the extended syntax yet.
标题字段规范需要定义是否允许具有相同名称的参数的多个实例,以及如何处理它们。此规范建议使用扩展语法的参数优先。这将允许生产者使用这两种格式,而不会打断还不理解扩展语法的接收者。
Example:
例子:
foo: bar; title="EURO exchange rates"; title*=utf-8''%e2%82%ac%20exchange%20rates
foo: bar; title="EURO exchange rates"; title*=utf-8''%e2%82%ac%20exchange%20rates
In this case, the sender provides an ASCII version of the title for legacy recipients, but also includes an internationalized version for recipients understanding this specification -- the latter obviously ought to prefer the new syntax over the old one.
在这种情况下,发送方为遗留收件人提供了一个ASCII版本的标题,但也为理解此规范的收件人提供了一个国际化版本——后者显然应该更喜欢新语法而不是旧语法。
The format described in this document makes it possible to transport non-ASCII characters, and thus enables character "spoofing" scenarios in which a displayed value appears to be something other than it is.
本文档中描述的格式使传输非ASCII字符成为可能,从而支持字符“欺骗”场景,其中显示的值似乎与实际值不同。
Furthermore, there are known attack scenarios related to decoding UTF-8.
此外,存在与解码UTF-8相关的已知攻击场景。
See Section 10 of [RFC3629] for more information on both topics.
有关这两个主题的更多信息,请参见[RFC3629]第10节。
In addition, the extension specified in this document makes it possible to transport multiple language variants for a single parameter, and such use might allow spoofing attacks where different language versions of the same parameter are not equivalent. Whether this attack is effective as an attack depends on the parameter specified.
此外,本文档中指定的扩展允许为单个参数传输多个语言变体,并且这种使用可能允许在同一参数的不同语言版本不等效的情况下进行欺骗攻击。此攻击是否作为攻击有效取决于指定的参数。
This document does not require any IANA actions.
本文件不要求IANA采取任何行动。
[RFC0020] Cerf, V., "ASCII format for network interchange", STD 80, RFC 20, DOI 10.17487/RFC0020, October 1969, <https://www.rfc-editor.org/info/rfc20>.
[RFC0020]Cerf,V.,“网络交换的ASCII格式”,STD 80,RFC 20,DOI 10.17487/RFC0020,1969年10月<https://www.rfc-editor.org/info/rfc20>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2119]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,DOI 10.17487/RFC2119,1997年3月<https://www.rfc-editor.org/info/rfc2119>.
[RFC2978] Freed, N. and J. Postel, "IANA Charset Registration Procedures", BCP 19, RFC 2978, DOI 10.17487/RFC2978, October 2000, <https://www.rfc-editor.org/info/rfc2978>.
[RFC2978]Freed,N.和J.Postel,“IANA字符集注册程序”,BCP 19,RFC 2978,DOI 10.17487/RFC2978,2000年10月<https://www.rfc-editor.org/info/rfc2978>.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November 2003, <https://www.rfc-editor.org/info/rfc3629>.
[RFC3629]Yergeau,F.,“UTF-8,ISO 10646的转换格式”,STD 63,RFC 3629,DOI 10.17487/RFC3629,2003年11月<https://www.rfc-editor.org/info/rfc3629>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, <https://www.rfc-editor.org/info/rfc3986>.
[RFC3986]Berners Lee,T.,Fielding,R.,和L.Masinter,“统一资源标识符(URI):通用语法”,STD 66,RFC 3986,DOI 10.17487/RFC3986,2005年1月<https://www.rfc-editor.org/info/rfc3986>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, <https://www.rfc-editor.org/info/rfc5234>.
[RFC5234]Crocker,D.,Ed.和P.Overell,“语法规范的扩充BNF:ABNF”,STD 68,RFC 5234,DOI 10.17487/RFC5234,2008年1月<https://www.rfc-editor.org/info/rfc5234>.
[RFC5646] Phillips, A., Ed. and M. Davis, Ed., "Tags for Identifying Languages", BCP 47, RFC 5646, DOI 10.17487/RFC5646, September 2009, <https://www.rfc-editor.org/info/rfc5646>.
[RFC5646]Phillips,A.,Ed.和M.Davis,Ed.,“识别语言的标签”,BCP 47,RFC 5646,DOI 10.17487/RFC5646,2009年9月<https://www.rfc-editor.org/info/rfc5646>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing", RFC 7230, DOI 10.17487/RFC7230, June 2014, <https://www.rfc-editor.org/info/rfc7230>.
[RFC7230]Fielding,R.,Ed.和J.Reschke,Ed.,“超文本传输协议(HTTP/1.1):消息语法和路由”,RFC 7230,DOI 10.17487/RFC7230,2014年6月<https://www.rfc-editor.org/info/rfc7230>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI 10.17487/RFC7231, June 2014, <https://www.rfc-editor.org/info/rfc7231>.
[RFC7231]Fielding,R.,Ed.和J.Reschke,Ed.,“超文本传输协议(HTTP/1.1):语义和内容”,RFC 7231,DOI 10.17487/RFC72312014年6月<https://www.rfc-editor.org/info/rfc7231>.
[Err1912] RFC Errata, "Erratum ID 1912, RFC 2978", <https://www.rfc-editor.org/errata/eid1912>.
[Err1912]RFC勘误表,“勘误表ID 1912,RFC 2978”<https://www.rfc-editor.org/errata/eid1912>.
[ISO-8859-1] International Organization for Standardization, "Information technology -- 8-bit single-byte coded graphic character sets -- Part 1: Latin alphabet No. 1", ISO/ IEC 8859-1:1998, 1998.
[ISO-8859-1]国际标准化组织,“信息技术——8位单字节编码图形字符集——第1部分:拉丁字母表1”,ISO/IEC 8859-1:1998,1998。
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, <https://www.rfc-editor.org/info/rfc2045>.
[RFC2045]Freed,N.和N.Borenstein,“多用途互联网邮件扩展(MIME)第一部分:互联网邮件正文格式”,RFC 2045,DOI 10.17487/RFC20451996年11月<https://www.rfc-editor.org/info/rfc2045>.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, DOI 10.17487/RFC2047, November 1996, <https://www.rfc-editor.org/info/rfc2047>.
[RFC2047]Moore,K.,“MIME(多用途互联网邮件扩展)第三部分:非ASCII文本的消息头扩展”,RFC 2047,DOI 10.17487/RFC2047,1996年11月<https://www.rfc-editor.org/info/rfc2047>.
[RFC2231] Freed, N. and K. Moore, "MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations", RFC 2231, DOI 10.17487/RFC2231, November 1997, <https://www.rfc-editor.org/info/rfc2231>.
[RFC2231]Freed,N.和K.Moore,“MIME参数值和编码字扩展:字符集、语言和连续体”,RFC 2231,DOI 10.17487/RFC2231,1997年11月<https://www.rfc-editor.org/info/rfc2231>.
[RFC2277] Alvestrand, H., "IETF Policy on Character Sets and Languages", BCP 18, RFC 2277, DOI 10.17487/RFC2277, January 1998, <https://www.rfc-editor.org/info/rfc2277>.
[RFC2277]Alvestrand,H.,“IETF字符集和语言政策”,BCP 18,RFC 2277,DOI 10.17487/RFC2277,1998年1月<https://www.rfc-editor.org/info/rfc2277>.
[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, DOI 10.17487/RFC2616, June 1999, <https://www.rfc-editor.org/info/rfc2616>.
[RFC2616]Fielding,R.,Gettys,J.,Mogul,J.,Frystyk,H.,Masinter,L.,Leach,P.,和T.Berners Lee,“超文本传输协议——HTTP/1.1”,RFC 2616,DOI 10.17487/RFC2616,1999年6月<https://www.rfc-editor.org/info/rfc2616>.
[RFC5987] Reschke, J., "Character Set and Language Encoding for Hypertext Transfer Protocol (HTTP) Header Field Parameters", RFC 5987, DOI 10.17487/RFC5987, August 2010, <https://www.rfc-editor.org/info/rfc5987>.
[RFC5987]Reschke,J.,“超文本传输协议(HTTP)头字段参数的字符集和语言编码”,RFC 5987,DOI 10.17487/RFC5987,2010年8月<https://www.rfc-editor.org/info/rfc5987>.
[RFC5988] Nottingham, M., "Web Linking", RFC 5988, DOI 10.17487/RFC5988, October 2010, <https://www.rfc-editor.org/info/rfc5988>.
[RFC5988]诺丁汉,M.,“网络链接”,RFC 5988,DOI 10.17487/RFC5988,2010年10月<https://www.rfc-editor.org/info/rfc5988>.
[RFC6266] Reschke, J., "Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP)", RFC 6266, DOI 10.17487/RFC6266, June 2011, <https://www.rfc-editor.org/info/rfc6266>.
[RFC6266]Reschke,J.,“超文本传输协议(HTTP)中内容处置头字段的使用”,RFC 6266,DOI 10.17487/RFC6266,2011年6月<https://www.rfc-editor.org/info/rfc6266>.
[RFC6365] Hoffman, P. and J. Klensin, "Terminology Used in Internationalization in the IETF", BCP 166, RFC 6365, DOI 10.17487/RFC6365, September 2011, <https://www.rfc-editor.org/info/rfc6365>.
[RFC6365]Hoffman,P.和J.Klensin,“IETF国际化中使用的术语”,BCP 166,RFC 6365,DOI 10.17487/RFC6365,2011年9月<https://www.rfc-editor.org/info/rfc6365>.
[RFC7578] Masinter, L., "Returning Values from Forms: multipart/ form-data", RFC 7578, DOI 10.17487/RFC7578, July 2015, <https://www.rfc-editor.org/info/rfc7578>.
[RFC7578]Masinter,L.“从表单返回值:多部分/表单数据”,RFC 7578,DOI 10.17487/RFC7578,2015年7月<https://www.rfc-editor.org/info/rfc7578>.
[RFC7616] Shekh-Yusef, R., Ed., Ahrens, D., and S. Bremer, "HTTP Digest Access Authentication", RFC 7616, DOI 10.17487/RFC7616, September 2015, <https://www.rfc-editor.org/info/rfc7616>.
[RFC7616]Shekh Yusef,R.,Ed.,Ahrens,D.,和S.Bremer,“HTTP摘要访问认证”,RFC 7616,DOI 10.17487/RFC76162015年9月<https://www.rfc-editor.org/info/rfc7616>.
[RFC8053] Oiwa, Y., Watanabe, H., Takagi, H., Maeda, K., Hayashi, T., and Y. Ioku, "HTTP Authentication Extensions for Interactive Clients", RFC 8053, DOI 10.17487/RFC8053, January 2017, <https://www.rfc-editor.org/info/rfc8053>.
[RFC8053]Oiwa,Y.,Watanabe,H.,Takagi,H.,Maeda,K.,Hayashi,T.,和Y.Ioku,“交互式客户端的HTTP身份验证扩展”,RFC 8053,DOI 10.17487/RFC8053,2017年1月<https://www.rfc-editor.org/info/rfc8053>.
[XMLHttpRequest] WhatWG, "XMLHttpRequest", <https://xhr.spec.whatwg.org/>.
[XMLHttpRequest]什么,“XMLHttpRequest”<https://xhr.spec.whatwg.org/>.
This section summarizes the changes compared to [RFC5987]:
本节总结了与[RFC5987]相比的变化:
o The document title was changed to "Indicating Character Encoding and Language for HTTP Header Field Parameters".
o 文档标题更改为“指示HTTP标头字段参数的字符编码和语言”。
o The introduction was rewritten to better explain the issues around non-ASCII characters in field values.
o 为了更好地解释字段值中非ASCII字符的相关问题,重新编写了引言。
o The requirement to support the "ISO-8859-1" encoding was removed.
o 取消了支持“ISO-8859-1”编码的要求。
o This document no longer attempts to redefine a generic "parameter" ABNF (it turned out that there really isn't a generic definition of parameters in HTTP; for instance, there are subtle differences with respect to whitespace handling).
o 本文档不再试图重新定义一个通用的“参数”ABNF(事实证明,HTTP中确实没有参数的通用定义;例如,在空白处理方面存在细微的差异)。
o A note about defects in error handling in current implementations was removed, as it was no longer accurate.
o 删除了关于当前实现中错误处理缺陷的说明,因为它不再准确。
The encoding defined in this document is currently used in four different HTTP header fields:
本文档中定义的编码目前用于四个不同的HTTP头字段:
o "Authentication-Control", defined in [RFC8053],
o [RFC8053]中定义的“认证控制”,
o "Authorization" (as used in HTTP Digest Authentication, defined in [RFC7616]),
o “授权”(在[RFC7616]中定义的HTTP摘要身份验证中使用),
o "Content-Disposition", defined in [RFC6266], and
o [RFC6266]中定义的“内容处置”,以及
o "Link", defined in [RFC5988].
o [RFC5988]中定义的“链接”。
As the encoding is a profile/clarification of the one defined in [RFC2231] in 1997, many user agents already supported it for use in "Content-Disposition" when [RFC5987] was published.
由于编码是1997年[RFC2231]中定义的配置文件/说明,许多用户代理在[RFC5987]发布时已经支持将其用于“内容处置”。
Since the publication of [RFC5987], three more popular desktop user agents have added support for this encoding; see <http://purl.org/NET/http/content-disposition-tests#encoding-2231-char> for details. At this time, the current versions of all major desktop user agents support it.
自从[RFC5987]发布以来,三个更流行的桌面用户代理增加了对这种编码的支持;看<http://purl.org/NET/http/content-disposition-tests#encoding-有关详细信息,请参见2231 char>。目前,所有主要桌面用户代理的当前版本都支持它。
Note that the implementation in Internet Explorer 9 does not support the ISO-8859-1 character encoding; this document revision acknowledges that UTF-8 is sufficient for expressing all code points and removes the requirement to support ISO-8859-1.
请注意,Internet Explorer 9中的实现不支持ISO-8859-1字符编码;本文件版本承认UTF-8足以表达所有代码点,并取消了支持ISO-8859-1的要求。
The "Link" header field, on the other hand, was more recently specified in [RFC5988]. At the time of this writing, no user agent except Firefox supported the "title*" parameter (starting with release 15).
另一方面,“链接”标题字段最近在[RFC5988]中指定。在撰写本文时,除了Firefox之外,没有任何用户代理支持“title*”参数(从版本15开始)。
Section 3.4 of [RFC7616] defines the "username*" parameter for use in HTTP Digest Authentication. At the time of writing, no user agent implemented this extension.
[RFC7616]的第3.4节定义了用于HTTP摘要身份验证的“username*”参数。在撰写本文时,没有用户代理实现此扩展。
Acknowledgements
致谢
Thanks to Martin Dürst and Frank Ellermann for help figuring out ABNF details, to Graham Klyne and Alexey Melnikov for general review, to Chris Newman for pointing out an RFC 2231 incompatibility, and to Benjamin Carlyle, Roar Lauritzsen, Eric Lawrence, and James Manger for implementers feedback.
感谢Martin Dürst和Frank Ellermann帮助我们了解ABNF的详细信息,感谢Graham Klyne和Alexey Melnikov进行全面审查,感谢Chris Newman指出RFC 2231不兼容,感谢Benjamin Carlyle、Roar Lauritzsen、Eric Lawrence和James Manger为实现者提供反馈。
Furthermore, thanks to the members of the IETF HTTP Working Group for the feedback specific to this update of RFC 5987.
此外,感谢IETF HTTP工作组成员对RFC 5987更新的反馈。
Author's Address
作者地址
Julian F. Reschke greenbytes GmbH Hafenweg 16 Münster, NW 48155 Germany
Julian F.Reschke greenbytes GmbH Hafenweg 16 Munster,西北48155德国
Email: julian.reschke@greenbytes.de URI: http://greenbytes.de/tech/webdav/
Email: julian.reschke@greenbytes.de URI: http://greenbytes.de/tech/webdav/