c2pa-org / specifications

The public specifications for the C2PA
Creative Commons Attribution 4.0 International

"Use of CBOR" section recommendation on URIs #25

Closed faceless2 closed 1 year ago

faceless2 commented 1 year ago

From section 18.2, one of the SHALL requirements is

A JSON string that is identified as a URI shall be serialized with tag 32 (major type 6).

This feels like a very, very large foot-bullet. Does this include self#jumbf URLs generated as part of the claim? Because that's certainly not the case in any of the test files. And what if the text refers to URL, do we assume URL==URI?

I'm not sure this requirement is a good one; it adds ambiguity, it increases the likelihood of hard-to-spot errors unless every diagnostic tool (e.g. c2patool) switches to CBOR-diag serialization instead of JSON. And I don't think it adds anything of value.

kevinmkane commented 1 year ago

All use of tag 32 for URIs/URLs has been removed in version 1.3 of the spec, which goes live this week.

We do use URI and URL interchangeably, although we probably should always say URL because we always require a scheme to be specified.

In fact, the entire section on converting JSON to CBOR has been removed, because we support assertions whose content is JSON natively, and so there's no need to convert JSON to CBOR.

We did have in our CDDL grammars a few uses of type uri, which is defined as a text string tagged with 32 in the CDDL RFC, but we deprecated or eliminated all of those uses in 1.3 because this was not our intention. We use regular text strings everywhere for URLs now. We also came to the conclusion that a requirement to tag URL strings like this was very likely to be missed by implementers and result in incompatibilities between implementations.
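
An added example, not part of the thread above and not C2PA project code: a minimal hand-rolled CBOR encoder and decoder showing that one URL gets two different byte encodings depending on tag 32, while a JSON rendering of either is identical, which is the ambiguity both comments describe. The sample URL and all function names are constructed for illustration.

```python
import json
URL = "self#jumbf=c2pa.assertions/example"  # constructed sample value

def _head(major: int, n: int) -> bytes:
    """Initial byte plus argument for a CBOR data item (RFC 8949, section 3)."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large")

def encode_tstr(s: str) -> bytes:
    """Plain text string (major type 3): what the thread says 1.3 uses for URLs."""
    raw = s.encode("utf-8")
    return _head(3, len(raw)) + raw

def encode_tagged_uri(s: str) -> bytes:
    """Text string wrapped in tag 32 (major type 6), the CDDL 'uri' type."""
    return _head(6, 32) + encode_tstr(s)

def _read_head(data: bytes, pos: int):
    major, ai, pos = data[pos] >> 5, data[pos] & 0x1F, pos + 1
    if ai < 24:
        return major, ai, pos
    if ai > 27:
        raise ValueError("indefinite or reserved length not handled here")
    size = 1 << (ai - 24)
    return major, int.from_bytes(data[pos:pos + size], "big"), pos + size

def decode_url(data: bytes):
    """Return (url, tagged). Accepts a bare tstr or a tag-32-wrapped tstr."""
    major, arg, pos = _read_head(data, 0)
    tagged = major == 6
    if tagged:
        if arg != 32:
            raise ValueError(f"unexpected tag {arg}")
        major, arg, pos = _read_head(data, pos)
    if major != 3 or pos + arg != len(data):
        raise ValueError("expected exactly one text string")
    return data[pos:pos + arg].decode("utf-8"), tagged

def json_view(data: bytes) -> str:
    """What a JSON-rendering diagnostic tool would show: the tag is invisible."""
    return json.dumps(decode_url(data)[0])

if __name__ == "__main__":
    for blob in (encode_tstr(URL), encode_tagged_uri(URL)):
        print(blob[:4].hex(), decode_url(blob)[1], json_view(blob))
```

A validator that needs to flag legacy tagged URLs can check the second value returned by `decode_url`; comparing JSON renderings alone will not reveal the difference.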