W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2018

Re: [webauthn] Fix #593: employ PRECIS RFC8264 et al for 'name'-ish domstring values

From: Addison Phillips via GitHub <sysbot+gh@w3.org>
Date: Wed, 27 Jun 2018 17:30:58 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-400766560-1530120657-sysbot+gh@w3.org>
@equalsJeffH Actually, I think:

> guidance in the spec whereas servers and clients SHOULD apply PRECIS to those name-ish strings

 is not nominally okay :-). Either webauth needs to require the normalization or it should have a health warning that similar looking strings that are not encoded identically do not match. In effect this is what [Charmod](http://w3c.github.io/charmod-norm/#normalizationChoice) is about (link goes to the specific section talking about spec choices related to normalization. If you choose to specify PRECIS, you should require it so that matches are consistent across implementations. Otherwise, you can recommend to content authors that they use the PRECIS rules and recommend to implementations that they warn users when `name` type values are not in PRECIS form--these are good things. But `SHOULD` is insufficient for good interop if the names are expected to match later.

I agree about the presentation warning.

-- 
GitHub Notification of comment by aphillips
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/951#issuecomment-400766560 using your GitHub account
Received on Wednesday, 27 June 2018 17:31:02 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC