W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2013

Re: draft-ietf-httpbis-p7-auth-22, "2.2 Protection Space (Realm)"

From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
Date: Mon, 25 Mar 2013 18:25:34 +0900
Message-ID: <5150180E.1090108@it.aoyama.ac.jp>
To: Julian Reschke <julian.reschke@gmx.de>
CC: Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org
On 2013/03/19 5:46, Julian Reschke wrote:
> On 2013-03-18 21:02, Mark Nottingham wrote:
>> Have you done any testing around what UAs currently do with RFC5987
>> encoding there, or just UTF-8?
>> ...
>
> Apparently they do either ISO-8859-1, or use the UA's locale (see
> discussion on http-auth).
>
> I haven't tried RFC5987, but I'm pretty sure nobody supports it (will
> add test case soonish).
>
> We may want to leave "realm" alone, and instead add something for
> display purposes ("prompt", "name"?).

I haven't worked this out, and it's not my area of expertise, so I'm 
just writing this up so that it doesn't get forgotten:

If the "realm" and the "display name" are separate, that might lead to 
some subtle security issues (same display name but different realms,...).

Regards,   Martin.
Received on Monday, 25 March 2013 09:26:20 GMT

This archive was generated by hypermail 2.3.1 : Monday, 25 March 2013 09:26:26 GMT