Section 9.2.3 of the crypto-condition spec currently defines the format of the subtypes URI query-parameter by mostly delegating to RFC-6920 and RFC-3986, which is al well and good.
However, these specs are somewhat ambiguous when it comes to comma-separated lists in a single query-param. For example, the following URIs are both valid per RFC-3986:
https://example.com?foo=bar,baz
https://example.com?foo=bar%2cbaz
The first URI treats the comma as a reserved character (which it is in query-params per RFC-3986), whereas the second URI encodes the comma-separator into the "foo" parameter, and relies upon contextual rules to determine the meaning, if any, of the commas.
I propose that the crypto-conditions spec clarify this by defining the use of commas as reserved URI characters, so URIs would look like this:
Clarifying this minor point, as well as #8, will help in the creation of cross-platform compatibility testing to ensure that CryptoCondition URIs are being constructed properly.
Section 9.2.3 of the crypto-condition spec currently defines the format of the
subtypes
URI query-parameter by mostly delegating to RFC-6920 and RFC-3986, which is al well and good.However, these specs are somewhat ambiguous when it comes to comma-separated lists in a single query-param. For example, the following URIs are both valid per RFC-3986:
https://example.com?foo=bar,baz
https://example.com?foo=bar%2cbaz
The first URI treats the comma as a reserved character (which it is in query-params per RFC-3986), whereas the second URI encodes the comma-separator into the "foo" parameter, and relies upon contextual rules to determine the meaning, if any, of the commas.
I propose that the crypto-conditions spec clarify this by defining the use of commas as reserved URI characters, so URIs would look like this:
ni:///sha-256?fpt=ed25519-sha-256,prefix-sha-256&foo=a%20space
For deeper insight into what prompted this issue, please reference java-crypto-conditions/issues/50 and its proposed fix (PR 51) in the Java Crypto Conditions project.
Clarifying this minor point, as well as #8, will help in the creation of cross-platform compatibility testing to ensure that CryptoCondition URIs are being constructed properly.