adrianhopebailie
commented
7 years ago Resolved in #8
Closed sappenin closed 7 years ago
adrianhopebailie
commented
7 years ago Resolved in #8
sappenin
commented
7 years ago This is addressed in draft-03, section 9.2.3 (see comment above about #8). Thanks @adrianhopebailie!
Closing this issue.
Section 9.2.3 of the crypto-condition spec currently defines the format of the
subtypesURI query-parameter by mostly delegating to RFC-6920 and RFC-3986, which is al well and good.However, these specs are somewhat ambiguous when it comes to comma-separated lists in a single query-param. For example, the following URIs are both valid per RFC-3986:
https://example.com?foo=bar,bazhttps://example.com?foo=bar%2cbazThe first URI treats the comma as a reserved character (which it is in query-params per RFC-3986), whereas the second URI encodes the comma-separator into the "foo" parameter, and relies upon contextual rules to determine the meaning, if any, of the commas.
I propose that the crypto-conditions spec clarify this by defining the use of commas as reserved URI characters, so URIs would look like this:
ni:///sha-256?fpt=ed25519-sha-256,prefix-sha-256&foo=a%20spaceFor deeper insight into what prompted this issue, please reference java-crypto-conditions/issues/50 and its proposed fix (PR 51) in the Java Crypto Conditions project.
Clarifying this minor point, as well as #8, will help in the creation of cross-platform compatibility testing to ensure that CryptoCondition URIs are being constructed properly.