On Sat, Mar 14, 2015 at 1:23 PM, Paul Hoffman <[email protected]> wrote:
> On Mar 13, 2015, at 7:09 PM, Paul Wouters <[email protected]> wrote: > >> My comments on draft-ietf-dane-openpgpkey-02: > >> 1) Section 3, in case of EAI, it should specify the character encoding > of > >> the local-part on which to perform the SHA224 function. > > > > That's a valid point. Should we say that it should be UTF-8 ? I will > > add some text for this if I get a few more agreeing nods of people. > > Maybe I've lost track of EAI, but from RFC 6530, I got the impression that > all addresses already were in UTF-8. If so, you don't want to encourage > people to double-encode. True, double encoding would be bad. However, from a practical perspective it is likely that software would be working with addresses in a Unicode-aware type that is native to the programming language, rather than a byte string. As such, I think it would be good if we could include text that specifies the encoding without misleading implementers into double encoding. I suggest breaking the first bullet in Section 3 into the following: o The user name (the "left-hand side" of the email address, called the "local-part" in the mail message format definition [RFC2822] and the "local part" in the specification for internationalized email [RFC6530]) is extracted from the email address. This does not include the at symbol ("@") that separates the left and right sides of the email address. o The user name SHOULD be converted to UTF-8, unless it is already encoded in UTF-8. o The user name should then be hashed using the SHA2-224 [RFC5754] algorithm, with the hash being represented in its hexadecimal representation, to become the left-most label in the prepared domain name. .wil
_______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
