Hi again, Alexey. I'd like to update the document before Monday's submission deadline if you still want the proposed change below. Please let me know one way or the other.
Thanks, -- Mike P.S. You'll see that Adam now considers his DISCUSS satisfied, so yours is the last one remaining. -----Original Message----- From: Mike Jones <michael.jo...@microsoft.com> Sent: Wednesday, February 28, 2018 11:45 AM To: Alexey Melnikov <aamelni...@fastmail.fm>; The IESG <i...@ietf.org> Cc: draft-ietf-oauth-discov...@ietf.org; oauth-cha...@ietf.org; oauth@ietf.org Subject: RE: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-09: (with DISCUSS and COMMENT) Hi Alexey, FYI, the only place in the spec that case-insensitive comparisons exist are comparisons done by the Designated Experts when considering IANA registrations. If implementations had to do case-insensitive comparisons, then yes, recommending toLowerCase() would absolutely make sense, but it's human beings doing the case folding when evaluating proposed registrations. I'll also note that this is exactly the same language used in the instructions to Designated Experts in related registries. For instance, you can see it in use at these (and many other) locations: https://tools.ietf.org/html/rfc7515#section-9.1.1 https://tools.ietf.org/html/rfc7517#section-8.1.1 https://tools.ietf.org/html/rfc7518#section-7.1.1 https://tools.ietf.org/html/rfc7519#section-10.1.1 https://tools.ietf.org/html/rfc7800#section-6.2.1 Whereas the use of toLowerCase() in https://tools.ietf.org/html/rfc8265#section-3.3.1 makes perfect sense, because it's a transformation performed by computer programs. That said, I'll leave it up to you. If you still want me to make a change, I'd propose making this one: Change "Names may not match other registered names in a case-insensitive manner unless the Designated Experts state that there is a compelling reason to allow an exception" to "Names may not match other registered names in a case-insensitive manner (one that would cause a match if the Unicode toLowerCase() operation were applied to both strings) unless the Designated Experts state that there is a compelling reason to allow an exception". If you still want a change, I'll add this parenthetical remark during the next set of edits. (However, I'll wait for Adam to weigh in on his DISCUSS before republishing.) Let me know. Thanks again, -- Mike -----Original Message----- From: OAuth <oauth-boun...@ietf.org> On Behalf Of Alexey Melnikov Sent: Wednesday, February 28, 2018 6:44 AM To: The IESG <i...@ietf.org> Cc: draft-ietf-oauth-discov...@ietf.org; oauth-cha...@ietf.org; oauth@ietf.org Subject: [OAUTH-WG] Alexey Melnikov's Discuss on draft-ietf-oauth-discovery-09: (with DISCUSS and COMMENT) Alexey Melnikov has entered the following ballot position for draft-ietf-oauth-discovery-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-oauth-discovery/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- Thank you for the well written IANA Considerations section. I have one comment on it which should be easy to resolve: The document doesn't seem to say anything about allowed characters in Metadata names. When the document talks about "case-insensitive matching", it is not clear how to implement the matching, because it is not clear whether or not Metadata names are ASCII only. If they are not, then you need to better define what "case insensitive" means. You've made a change in section 7.1, which looks good. However there is still the following text in 7.1.1: Metadata Name: The name requested (e.g., "issuer"). This name is case-sensitive. Names may not match other registered names in a case-insensitive I suggest replacing "in a case-insensitive manner" with something like "if when applying Unicode toLowerCase() to both, they compare equal". Or maybe keep "case-insensitive" and just add a sentence explaining what it is. I think you should use toLowerCase(), as it is already recommended in other IETF specs, like RFC 8265. manner unless the Designated Experts state that there is a compelling reason to allow an exception. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I am agreeing with Adam's DISCUSS. I believe it was addressed in the latest version. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth