"set authorizationValue to authentication entry" is insufficiently precise

[domenic]

https://fetch.spec.whatwg.org/commit-snapshots/1fbc40c1df1a353ce1a49de8e4b2c753563e265d/#http-network-or-cache-fetch

If there’s an authentication entry for httpRequest and either httpRequest’s use-URL-credentials flag is unset or httpRequest’s current URL does not include credentials, then set authorizationValue to authentication entry.

"authentication entry" is defined as

An authentication entry and a proxy-authentication entry are tuples of username, password, and realm, used for HTTP authentication and HTTP proxy authentication, and associated with one or more requests.

At the very least, I'd expect this to say "the authentication entry for httpRequest". Ideally, there'd be some algorithm for deriving an authentication entry from a request, including things like:

• Looking things up in a partitioned user-agent store
• Looking at the request's URL's username and password components.

[domenic]

Also, there's a preexisting XXX box for how you convert a "tuple of username, password, and realm" into a byte string for use in the Authorization header.