Trailing position of metadata

[aphillips]

6.4.2. Language and Direction Encoding https://www.w3.org/TR/webauthn-2/#sctn-strings-langdir

The original draft of this section had the language tag and direction metadata preceding the string. At my (@aphillips) suggestion it was moved to the end of the string. This suggestion was made for several reasons:

• Implementations might be length constrained and thus prone to truncating the given string. Since metadata is less important than actual content, positioning the metadata at the end of the string seems preferable, especially given that each Unicode tag character requires 4 UTF-8 bytes to encode. Even simple language tags such as en-US or ar-OM require 28-bytes to encode.
• Metadata removal may be simpler with the metadata at the end, since it involves shortening the end of the string at the index of U+E0001 vs. substring after one of three different code points.
• Rendering of Unicode language tag characters and bidi metadata might interfere with the text being transmitted being understood.
• Suffixing is used by other metadata serialization schemes, such as RDF's serialization.

That said, it's unclear if this is the right position or format for language/direction metadata. It does require introspection of the string and that introspection might be more expensive at the end. The I18N WG has not reached internal agreement about prefixing vs. suffixing. We do agree that separate fields are preferred to either and that the use of Unicode tag characters is undesirable.

We therefore recommend that this section be dropped altogether and, if possible, metadata fields be introduced. If such cannot be introduced for compatibility reasons, providing no metadata might be preferred as an interim solution. We hope to discuss this with Webauth.

[equalsJeffH]

See also issue #1643

[equalsJeffH]

See also similar issue in secure-payment-confirmation: https://github.com/w3c/secure-payment-confirmation/issues/93