On Wed, 31 Dec 2014, Nico Williams wrote:
I'm in favor of saying "do form-insensitive comparison". I'd settle for
"always normalize to NFC when creating PKCS#11 resources" because, after
all, that's what IRIs need anyways, it's just that a PKCS#11 URI-using
app might not be in a position to make "normalize on create" happen.
we could recommend the normalize-before-matching approach.
Even for objects (keys), the application could use only non-UTF-8
value attributes in the PKCS#11 search template. Then, go through all
returning objects and for UTF-8 value attributes, do NFC normalization
first before matching them.
however, I think that "SHOULD" would be too strong. I think
it could be mentioned side by side to the warning text based on what
John noted about situations with a need to use non-ASCII characters.
Jan
--
Jan Pechanec <jan(_dot_)pechanec(_at_)oracle(_dot_)com>