Merge pull request #122 from dhh1128/intltweak
tweak intl domain name note to clarify verbiage
2byrds authored Jan 13, 2024
2 parents 1cecada + 0f63f38 commit 6116d77
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion spec/security_considerations.md
Expand Up @@ -57,7 +57,7 @@ requirements.

### International Domain Names

Like `did:web`, due to [[spec:DID-CORE]] identifier syntax not allowing Unicode in method name or method specific identifiers, implementers should be cautious when implementing support for DID URLs that rely on domain names or path components that contain Unicode characters.
As with `did:web`, implementers of this method should consider how non-ASCII characters manifest in URLs and DIDs. The [[spec:DID-CORE]] identifier syntax does not allow the direct representation of such characters in method name or method specific identifiers. This prevents a `did:webs` value from embodying a homograph attack. However, `did:webs` can hold data encoded with punycode or percent encoding. This means that IRIs constructed from DID values could contain non-ASCII characters that were not obvious in the DID, surprising a casual human reader. Caution is therefore recommended when treating a `did:webs` as the equivalent of an IRI. Treating it as the equivalent of a URL, instead, preserves the punycode and percent encoding and is therefore safe.

See also:
* [UTS-46](https://unicode.org/reports/tr46/)
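
Review bot: The closing sentence of the new paragraph ("Treating it as the equivalent of a URL, instead, preserves the punycode and percent encoding and is therefore safe") claims more than the paragraph establishes. Keeping the encoded form avoids the surprise of non-ASCII characters appearing after conversion, but nothing here supports an unqualified "safe"; suggest narrowing it to "and therefore avoids this problem". The paragraph also says the syntax "prevents a `did:webs` value from embodying a homograph attack" and then describes the IRI conversion in which non-ASCII characters reappear, so it would help to state explicitly that the risk sits at the point where a DID is converted to an IRI or displayed to a person. Minor: "Punycode" is normally capitalized, and "method specific identifiers" reads better as "method-specific identifiers".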