Merge pull request #390 from ietf-wg-privacypass/caw/strings-and-hostnames

tfpauly · web-flow · commit 6daab25d04e2 · 2023-06-23T08:46:16.000-07:00
Make clear that strings are hostnames
diff --git a/draft-ietf-privacypass-auth-scheme.md b/draft-ietf-privacypass-auth-scheme.md
@@ -187,10 +187,10 @@ The structure fields are defined as follows:
 - "token_type" is a 2-octet integer, in network byte order, as described
 above.
 
-- "issuer_name" is a string containing the name of the issuer. This is a
-hostname that is used to identify the issuer that is allowed to issue
-tokens that can be redeemed by this origin. The string is prefixed with a
-2-octet integer indicating the length, in network byte order.
+- "issuer_name" is an ASCII string that identifies the issuer using the format of the authority portion of a URI
+as defined in {{Section 3.2 of !URI=RFC3986}}. This name identifies the issuer that is allowed to
+issue tokens that can be redeemed by this origin. The field that stores this string in the challenge
+is prefixed with a 2-octet integer indicating the length, in network byte order.
 
 - "redemption_context" is a field that is either 0 or 32 bytes, prefixed with a single
 octet indicating the length (either 0 or 32). If value is non-empty, it is a 32-byte value
@@ -199,13 +199,14 @@ bound to a specific context, as opposed to reusing tokens that were fetched for
 contexts. See {{context-construction}} for example contexts that might be useful in
 practice. Challenges with redemption_context values of invalid lengths MUST be ignored.
 
-- "origin_info" is a string that is either empty, or contains one or more origin
-names that allow a token to be scoped to a specific set of origins. The string
-is prefixed with a 2-octet integer indicating the length, in network byte
-order. If empty, any non-origin-specific token can be redeemed. If the string
-contains multiple origin names, they are delimited with commas "," without any
-whitespace. If this field is not empty, the Origin MUST include its own name
-as one of the names in the list.
+- "origin_info" is an ASCII string that is either empty, or contains one or more
+origin names that allow a token to be scoped to a specific set of origins. Each
+origin name uses the format of the authority portion of a URI as defined in
+{{Section 3.2 of URI}}. The string is prefixed with a 2-octet integer indicating
+the length, in network byte order. If empty, any non-origin-specific token can be
+redeemed. If the string contains multiple origin names, they are delimited with
+commas "," without any whitespace. If this field is not empty, the Origin MUST
+include its own name as one of the names in the list.
 
 When used in an authentication challenge, the "PrivateToken" scheme uses the
 following parameters:
