On Fri, Sep 1, 2023, at 9:05 AM, Rob Sayre wrote:
On Thu, Aug 31, 2023 at 11:45 PM Robert Stepanek <rsto@xxxxxxxxxxxxxxxx> wrote:I am wary of restating too many requirements in the JSContact RFC for which other RFCs are authorative: there's always the risk of getting it wrong. That especially applies to DNS: https://rfc-annotations.research.icann.org.I am not trying to be difficult here.
I don't think you are, I appreciate all your comments! I also agree it's important to come to a good conclusion with internationalizations and URIs, so we should take time for that.
I think your document is too strict, since the URL fields are delimited by JSON constructs.
We currently strictly require URIs (RFC 3986) because that's straight-forward to convert from and to vCard. So indeed your example IRI (RFC 3987) http://ああ.com would not be allowed, it would need to be converted to a URI as outlined in section 3.1 of RFC 3987. I can image we allow using IRIs where we currently require URIs, they look like a great addition. I am just cautious as long as I haven't understood all the implications.
One part I'm particularly concerned about is how to convert IRIs for use with vCard URI-typed properties . Citing Section 3.1 of the IRI spec: "Systems [...] MAY convert the ireg-name component of an IRI [...] for schemes known to use domain names in ireg-name, if the scheme definition does not allow percent-encoding for ireg-name".
This suggests to me that getting from an IRI to a valid URI requires scheme-specific rules, and using IRIs in JSContact would require implementations to take these rules into account during conversion to vCard. That's definitely more effort than just copying a string value from one representation to another. It's OK should we decide that IRIs are worth that additional effort, it's just a decision I don't want to take lightly.
What URI schemes do require special handling during IRI conversion? Do all schemes use domain names in ireg-name and so using Punycode for conversion is basically a given? How well are IRIs and URI conversion supported in software libraries, especially outside browsers? Is there more to say about security other than highlighting the spoofing concerns of RFC 3987?
I'd appreciate any feedback, especially from people who have more experience with working with IRIs than me.
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
