Though this is in fact implicit in RFC4035 Section 6.2, it is perhaps worth reminding any implementors reading this post (and though absurdly late, perhaps even adding yet another minor tweak to the document) that the target name of a SVCB or HTTPS record, though a domain name, MUST NOT be canonicalised to lower case when signing or validating.
These names are of course (for largely the same reasons) also not candidates for name compression. I've seen some evidence that this point is not always obvious to implementors rushing support for these out the door, and actual mixed-case targets in signed zones to test against are exceedingly scarce. So it is easy to ship a non-interoperable implementation that will only exhibit problems much later when sufficiently many zone owners do decide to use mixed case target names for some cosmetic reason. I am not expecting miracles in terms of document changes, so no flames please, just do the right thing whatever that might be. On the other, if you are implementing or have recently implement support for signing or validating SVCB/HTTPS records, please make sure that the input to the hash for signing/validation is not case-folded. -- Viktor. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop