From cb9aa8153660530a22b3a3a3b692bc8149a5a222 Mon Sep 17 00:00:00 2001 From: Charles Lanahan Date: Wed, 20 Dec 2023 12:04:45 -0500 Subject: [PATCH] Added section about unicode in domain names. Signed-off-by: Charles Lanahan --- spec/security_considerations.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/spec/security_considerations.md b/spec/security_considerations.md index 6ace9a3..c6f1b09 100644 --- a/spec/security_considerations.md +++ b/spec/security_considerations.md @@ -55,6 +55,14 @@ be valid. This has two meanings, both of which are required: If a URL of a DID document or [[ref: KERI event streams]] results in a redirect, each URL MUST satisfy the same security requirements. +### International Domain Names + +Like `did:web`, due to [[spec:DID-CORE]] identifier syntax not allowing Unicode in method name or method specific identifiers, implementers should be cautious when implementing support for DID URLs that rely on domain names or path components that contain Unicode characters. + +See also: +* [UTS-46](https://unicode.org/reports/tr46/) +* [[spec:rfc5895]] + ### Concepts for securing `did:webs` information The following security concepts are used to secure the data, files, signatures and other information in `did:webs`. We characterize each concept with high, medium and low security to orient readers to the situational relevance.
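Review bot: The new paragraph under `### International Domain Names` only tells implementers they "should be cautious", which gives nothing an implementation can be tested against, and it uses a lowercase "should" while the context line just above the addition uses the normative "MUST". Suggest stating the requirement explicitly: say what form a domain name or path component containing Unicode has to take before it appears in the method-specific identifier, and say which of the two references under "See also" (UTS-46 or RFC 5895) governs the mapping, since they are listed without indicating which one an implementer follows. Two smaller points: the sentence opening "Like `did:web`, due to ..." leaves unclear what is being compared with `did:web`, and the heading reads "International Domain Names" where the usual term is "Internationalized Domain Names", while the paragraph also covers path components that the heading does not mention.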