Cookie parameter "domain" might be wrongly encoded (for non-ASCII-only domains)

[d-maurer]

HTTP specifies "ISO-8859-1" as charset to be used in its headers; however, recently non-ASCII characters are deprecated altogether. This poses the question how to encode non-ASCII material in those headers.

There are many competing standards to encode non-ASCII as ASCII, even in the context of HTTP. Often, the relevant specifications do not answer the question which encoding should be used.

Originally, domain names have been ASCII-only; but then international domain names have been allowed together with the IDNA standard which specifies how international domain names can be ASCII encoded. Implementing the cookie enhancement, I chose this encoding for the domain parameter. This choice might have been wrong.
Working on #1027, I recognized that modern browsers might instead expect the usual UTF-8 than URL-quote encoding (which is significantly simpler than IDNA) also for the domain cookie parameter.

I have no means to determine which is the "correct" (i.e. supported by modern browser) encoding.