洪 民憙 (Hong Minhee)

@[email protected] · Reply to Emelia 👸🏻's post

@thisismissem @by_caballero @cocoa_vrc Here's the translation:

According to Section 4 (“Definition”) of RFC 7565, which defines the acct URI scheme:

If an application needs to compare two 'acct' URIs (e.g., for purposes of authentication and authorization), it MUST do so using case normalization and percent-encoding normalization as specified in Sections 6.2.2.1 and 6.2.2.2 of RFC 3986.

This leads us to examine Section 6.2.2.1 (“Case Normalization”) of RFC 3986, which states (the emphasis is mine):

When a URI uses components of the generic syntax, the component syntax equivalence rules always apply; namely, that the scheme and host are case-insensitive and therefore should be normalized to lowercase. For example, the URI HTTP://www.EXAMPLE.com/ is equivalent to http://www.example.com/. The other generic syntax components are assumed to be case-sensitive unless specifically defined otherwise by the scheme.

Therefore:

  1. For acct: URIs:

    • The scheme part (acct:) is case-insensitive
    • The host part (after @) is case-insensitive
    • The userpart (before @) is case-sensitive, as RFC 7565 does not specify otherwise
  2. This means that:

This interpretation follows directly from the combination of the normalization requirements in RFC 7565 and the case sensitivity rules defined in RFC 3986.
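The comparison rule as read in the post above, sketched as an added example that is not part of the original post or of any project's code. The function names `normalize_pct`, `normalize_acct` and `acct_equal` are hypothetical, and the URIs in the usage lines are constructed samples:

```python
import re

# RFC 3986 section 2.3 "unreserved" characters: escapes of these are decoded.
UNRESERVED = frozenset(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
)
PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def normalize_pct(text: str) -> str:
    """Percent-encoding normalization (6.2.2.2) plus uppercase hex digits (6.2.2.1)."""
    def fix(m: re.Match) -> str:
        ch = chr(int(m.group(1), 16))
        # Decode only unreserved characters; any other escape keeps its
        # meaning and just gets uppercase hex digits.
        return ch if ch in UNRESERVED else "%" + m.group(1).upper()
    return PCT.sub(fix, text)


def normalize_acct(uri: str) -> str:
    """Return the form of an acct: URI to use when comparing identities."""
    scheme, colon, rest = uri.partition(":")
    if not colon or scheme.lower() != "acct":      # scheme is case-insensitive
        raise ValueError("not an acct: URI")
    # A literal "@" inside the userpart must be written %40, so the last "@"
    # is the userpart/host delimiter.
    userpart, at, host = rest.rpartition("@")
    if not at or not userpart or not host:
        raise ValueError("expected userpart@host")
    # Host is case-insensitive: lowercase it, then restore uppercase hex in
    # any escapes that remain.
    host = PCT.sub(lambda m: m.group(0).upper(), normalize_pct(host).lower())
    # Userpart: percent-encoding normalization only, letter case is preserved.
    return "acct:" + normalize_pct(userpart) + "@" + host


def acct_equal(a: str, b: str) -> bool:
    return normalize_acct(a) == normalize_acct(b)


if __name__ == "__main__":
    # Constructed sample URIs
    print(acct_equal("ACCT:Alice@Example.COM", "acct:Alice@example.com"))  # True
    print(acct_equal("acct:Alice@example.com", "acct:alice@example.com"))  # False
```

Under this reading, lowercasing the whole URI before an authorization check would treat `Alice` and `alice` on the same host as one account, which is the collision the case-sensitive userpart rule avoids.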

Julian Fietkau

@[email protected] · Reply to 洪 民憙 (Hong Minhee)'s post

@hongminhee @thisismissem @by_caballero @cocoa_vrc

Last time I looked into it, opinions were split. My own conclusion was identical to @hongminhee's, but I've seen arguments in the opposite direction based on other specs (I have sadly forgotten which ones).

I think the current gold standard is to preserve and respect username capitalization as given by the origin server, and not to try to normalize username case.

Misskey used to force acct: URIs to lower case. I wonder if it still does that.