Re: [jose] Stephen Farrell's Discuss on draft-ietf-jose-json-web-key-33: (with DISCUSS and COMMENT)

On 06/10/14 22:17, Jim Schaad wrote:
> 
> 
>> -----Original Message-----
>> From: Ted Lemon [mailto:Ted.Lemon@nominum.com]
>> Sent: Monday, October 06, 2014 1:34 PM
>> To: Jim Schaad
>> Cc: Mike Jones; Stephen Farrell; The IESG; jose-chairs@tools.ietf.org;
> draft-
>> ietf-jose-json-web-key@tools.ietf.org; jose@ietf.org
>> Subject: Re: [jose] Stephen Farrell's Discuss on
> draft-ietf-jose-json-web-key-
>> 33: (with DISCUSS and COMMENT)
>>
>> On Oct 6, 2014, at 4:28 PM, Jim Schaad <ietf@augustcellars.com> wrote:
>>> I worry that if we starting providing guidance to DNS names, then we
>>> need to worry about the I18N implications.  I don't remember if these
>>> are both case sensitive and easy to do the case conversion on.
>>
>> Isn't this a solved problem?   You convert to the unicode presentation and
>> then convert to the canonical case as defined in the unicode standard.
> The
>> worst case scenario is that you encounter some script where this rule
> doesn't
>> work, and that script is then in the position that all scripts are in now.
> 
> It may be it is, however this makes an assumption that clients are up on how
> to do this.  I.e. that JavaScript is going to do it right when I do a
> strlower function on a string.  I don't know that this is really the case.
> I would hope so but am unsure.

So we're talking about key ids here. In most case where those would
use DNS names, the code that creates the key id would know what its
doing and dumber code would be presented with the key id and would
not have to do the tolower().

So I would say its safe to add something like "When creating a key id,
if the code doing so is aware that it is dealing with a DNS name, then
that code should tolower() the DNS name before including those bytes
in the key id."

S.

> 
> _______________________________________________
> jose mailing list
> jose@ietf.org
> https://www.ietf.org/mailman/listinfo/jose
> 