On Wed, 31 Dec 2014, Nico Williams wrote: >I'm in favor of saying "do form-insensitive comparison". I'd settle for >"always normalize to NFC when creating PKCS#11 resources" because, after >all, that's what IRIs need anyways, it's just that a PKCS#11 URI-using >app might not be in a position to make "normalize on create" happen. we could recommend the normalize-before-matching approach. Even for objects (keys), the application could use only non-UTF-8 value attributes in the PKCS#11 search template. Then, go through all returning objects and for UTF-8 value attributes, do NFC normalization first before matching them. however, I think that "SHOULD" would be too strong. I think it could be mentioned side by side to the warning text based on what John noted about situations with a need to use non-ASCII characters. Jan -- Jan Pechanec <jan.pechanec@xxxxxxxxxx>