This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
See https://twitter.com/sleevi_/status/487625474156146688
We should probably rather normalize algorithm names to uppercase - users might be very surprised when their algorithm names are converted to lowercase, contrary to what is written in the spec. The only problem would be "RSAES-PKCS1-v1_5" which is written with a lowercase "v" in the spec as well. Normalizing it to uppercase be rather surprising as well...
Make that RSASSA-PKCS1-v1_5 as RSAES-PKCS1-v1_5 was removed.
If the spec would require algorithm names to be normalized as written in the spec, implementers could convert to uppercase and add special rules for mixed-case algorithm names. That seems like the least surprising way to handle this.
(In reply to Tim Taubert from comment #3) > If the spec would require algorithm names to be normalized as written in the > spec, implementers could convert to uppercase and add special rules for > mixed-case algorithm names. That seems like the least surprising way to > handle this. I don't think we need to special case anything. The point of normalization was to ensure that every algorithm had a single 'canonical' form following normalization. We can make this normalized form 'spec-written'. The only meaningful thing was to make sure that the comparisons were (as an implementer) made in a case-insensitive manner (which this bug was about it having been dropped, accidentally)
(In reply to Ryan Sleevi from comment #4) > We can make this normalized form 'spec-written'. The only meaningful thing > was to make sure that the comparisons were (as an implementer) made in a > case-insensitive manner (which this bug was about it having been dropped, > accidentally) Yes, that sounds great. I was a little too focused on implementation here, sorry.
The specification currently says nothing about performing any case conversions on algorithm names (that I could find). String comparisons are case-sensitive. Do we want to re-instate case-insensitive comparison (and normalization to 'standard' names as written in the specification) or shall we live with what we have in the specification now ?
Please see comment 0. Apparently the current specification text is an editorial mistake, and doesn't match implementations or specification intent.
Ok, so the change required here is in the algorithm normalization, which should perform case-insensitive matching on algorithm name and then normalize the name to the value registered by the algorithm.
Please make sure it's ascii-case-insensitive matching?
Do you have a specific reference in mind for the definition of case-insensitive match ?
https://html.spec.whatwg.org/multipage/infrastructure.html#ascii-case-insensitive
https://dvcs.w3.org/hg/webcrypto-api/rev/08636b084b31