Re: draft-ietf-httpbis-p7-auth-22, "2.2 Protection Space (Realm)"

On 2013/03/19 5:46, Julian Reschke wrote:
> On 2013-03-18 21:02, Mark Nottingham wrote:
>> Have you done any testing around what UAs currently do with RFC5987
>> encoding there, or just UTF-8?
>> ...
>
> Apparently they do either ISO-8859-1, or use the UA's locale (see
> discussion on http-auth).
>
> I haven't tried RFC5987, but I'm pretty sure nobody supports it (will
> add test case soonish).
>
> We may want to leave "realm" alone, and instead add something for
> display purposes ("prompt", "name"?).

I haven't worked this out, and it's not my area of expertise, so I'm 
just writing this up so that it doesn't get forgotten:

If the "realm" and the "display name" are separate, that might lead to
some subtle security issues (same display name but different realms, ...).

Regards,   Martin.

Received on Monday, 25 March 2013 09:26:20 UTC
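
The concern raised above, as an added example that is not part of the original thread: a client-side check that flags one display string being shown for more than one protection space (origin plus realm). The `prompt` parameter is hypothetical (it is only one of the names floated in the quoted message), each header value is assumed to carry a single challenge, and the NFKC/case-fold comparison is an illustrative choice.

```python
import re
import unicodedata
from collections import defaultdict

# auth-param = token "=" ( token / quoted-string )
_PARAM = re.compile(
    r"""([\w!#$%&'*+.^`|~-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))""")

def parse_challenge(header):
    """Split a single WWW-Authenticate challenge into (scheme, params)."""
    scheme, _, rest = header.strip().partition(" ")
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # Undo quoted-pair escaping for quoted-string values.
        params[name.lower()] = token if token else re.sub(r"\\(.)", r"\1", quoted)
    return scheme.lower(), params

def _visible(text):
    """Approximate what a user can tell apart in a credentials dialog."""
    return " ".join(unicodedata.normalize("NFKC", text).casefold().split())

def ambiguous_display_names(observed):
    """observed: iterable of (origin, header value).
    Returns {display text: [(origin, realm), ...]} for every display text
    that was presented for more than one protection space."""
    spaces = defaultdict(set)
    for origin, header in observed:
        _, params = parse_challenge(header)
        realm = params.get("realm", "")
        # "prompt" is the hypothetical display parameter; fall back to realm.
        display = params.get("prompt", realm)
        spaces[_visible(display)].add((origin, realm))
    return {d: sorted(s) for d, s in spaces.items() if len(s) > 1}

# Constructed sample challenges (not taken from any real server).
SAMPLE = [
    ("https://intranet.example", 'Basic realm="hr-prod", prompt="Staff Login"'),
    ("https://intranet.example", 'Basic realm="wiki", prompt="Staff  login"'),
    ("https://intranet.example", 'Basic realm="build", prompt="Build \\"CI\\""'),
]

if __name__ == "__main__":
    for display, hits in ambiguous_display_names(SAMPLE).items():
        print(f"{display!r} shown for {len(hits)} protection spaces: {hits}")
```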