- From: Martin J. Dürst <duerst@it.aoyama.ac.jp>
- Date: Mon, 25 Mar 2013 18:25:34 +0900
- To: Julian Reschke <julian.reschke@gmx.de>
- CC: Mark Nottingham <mnot@mnot.net>, ietf-http-wg@w3.org
On 2013/03/19 5:46, Julian Reschke wrote:
> On 2013-03-18 21:02, Mark Nottingham wrote:
>> Have you done any testing around what UAs currently do with RFC5987
>> encoding there, or just UTF-8?
>> ...
>
> Apparently they do either ISO-8859-1, or use the UA's locale (see
> discussion on http-auth).
>
> I haven't tried RFC5987, but I'm pretty sure nobody supports it (will
> add test case soonish).
>
> We may want to leave "realm" alone, and instead add something for
> display purposes ("prompt", "name"?).
I haven't worked this out, and it's not my area of expertise, so I'm
just writing this up so that it doesn't get forgotten:
If the "realm" and the "display name" are separate, that might lead to
some subtle security issues (same display name but different realms,...).
Regards, Martin.
Received on Monday, 25 March 2013 09:26:20 UTC