Re: [dispatch] Registration of "hxxp" URI scheme

Mark Nottingham <mnot@mnot.net> Mon, 08 May 2017 03:33 UTC

Return-Path: <mnot@mnot.net>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9020F126D74 for <dispatch@ietfa.amsl.com>; Sun, 7 May 2017 20:33:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.098
X-Spam-Level:
X-Spam-Status: No, score=0.098 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YtgEJ3u38nQC for <dispatch@ietfa.amsl.com>; Sun, 7 May 2017 20:33:04 -0700 (PDT)
Received: from mxout-07.mxes.net (mxout-07.mxes.net [216.86.168.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D08A412025C for <dispatch@ietf.org>; Sun, 7 May 2017 20:33:04 -0700 (PDT)
Received: from [192.168.1.18] (unknown [124.189.96.43]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 79D5922E256; Sun, 7 May 2017 23:33:03 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Nottingham <mnot@mnot.net>
In-Reply-To: <20170505161748.7184.qmail@ary.lan>
Date: Mon, 08 May 2017 13:33:00 +1000
Cc: dispatch@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <672B55E1-FC53-42C4-8618-9937BEDAFF0F@mnot.net>
References: <20170505161748.7184.qmail@ary.lan>
To: John Levine <johnl@taugh.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/w16Qnq4_VIx-Pv0Q__BqhsMTY4U>
Subject: Re: [dispatch] Registration of "hxxp" URI scheme
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 May 2017 03:33:08 -0000

I think it's worth having a registry entry if this is widespread practice, if only to prevent accidental use.

I agree that a provisional registration would do that. 

Cheers,


> On 6 May 2017, at 2:17 am, John Levine <johnl@taugh.com> wrote:
> 
> In article <20170505155326.GH14760@vulcano.intra.nic.cl> you write:
>> -=-=-=-=-=-
>> 
>> Dear dispatch WG.
>> I recently realized there's no registration for the "hxxp"
>> scheme in the IANA table. This scheme had become a de-facto
>> standard from many years, inside the security community,
>> to obfuscate malicious urls. I think it deserves to be
>> registered for block and documentation matters.
> 
> Since the whole point of hxxp is to prevent interoperation, I don't
> understand what problem a permanent registration would solve.  It
> doesn't seem very likely that anyone would use those four letters to
> mean anything else. but if you want a placeholder to prevent that, a
> provisional FCFS registration would do the trick.
> 
> R's,
> John
> 
> _______________________________________________
> dispatch mailing list
> dispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/dispatch

--
Mark Nottingham   https://www.mnot.net/