[Uri-review] Re: draft-grimminck-safe-ioc-sharing

"Martin J. Dürst" <duerst@it.aoyama.ac.jp> Sat, 11 April 2026 02:09 UTC

Message-ID: <070fe9bb-2c33-4c41-a1d6-06f7efa15491@it.aoyama.ac.jp>
Date: Sat, 11 Apr 2026 11:09:09 +0900
User-Agent: Mozilla Thunderbird
To: Ted Hardie <ted.ietf@gmail.com>, "Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org>
References: <e100c374-1323-4e10-942e-7c956b46f9e3@rfc-editor.org> <CA+9kkMCs_eWXGcS5uScro7bRoFX=7AJq1o76W-8bCXp-K9-Hsw@mail.gmail.com>
Content-Language: en-US
From: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>
Organization: Aoyama Gakuin University
In-Reply-To: <CA+9kkMCs_eWXGcS5uScro7bRoFX=7AJq1o76W-8bCXp-K9-Hsw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
CC: uri-review@ietf.org, draft-grimminck-safe-ioc-sharing@ietf.org
Subject: [Uri-review] Re: draft-grimminck-safe-ioc-sharing
List-Id: Proposed URI Schemes <uri-review.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/Hb9m59OgnvPdXNXd8iz9kziqTjk>

Hello Eliot, others,

One detail that caught my eye is in 
https://www.ietf.org/archive/id/draft-grimminck-safe-ioc-sharing-08.html#name-step-3-host:

 >>>>
IPv6 addresses use colon-hexadecimal notation inside square brackets 
(e.g., "[2001:db8::1]"), which does not trigger auto-linking in typical 
software; the entire bracket-enclosed literal, including any dots within 
it (e.g., the dots in "::ffff:192.0.2.1"), MUST be left unchanged.
 >>>>

The part up to the semicolon is most probably true, but leaving this 
unchanged would make it more difficult to fix that. We shouldn't put 
additional blocks in front of IPv6 deployment and usage, even if they 
are small.

An additional comment below.

On 2026-04-11 01:09, Ted Hardie wrote:
> Hi Eliot,
> 
> As a meta-question was this draft brought to the IETF before going to the
> ISE?  I don't see any record of it in places I would expect (DISPATCH,
> SAAG), but my records may be incomplete.
> 
> After a quick read, this actually seems like something that the IETF should
> consider, as there are some aspects of it that probably need wider review.
> An example here is Section 9, which references how to handle IDNs.  It
> describes punycode, but the overall IDNA standard should be referenced,
> probably especially RFC 3490, Section 3.1.

Which is obsoleted by RFC 5890.

Regards,   Martin.

> On the question related to the existing registration, RFC 7595 says:
> 
>        There must not already be an entry with the same scheme name.  In
>        the unfortunate case that there are multiple, different uses of
>        the same scheme name, the Designated Expert can approve a request
>        to modify an existing entry to note the separate use.
> 
> I would first contact Hugo Salgado, the original registrant, to see if he
> would be willing to work with this author on the draft and to transfer the
> registration.  Since the use is functionally the same (though the
> surrounding advice is different), I don't see a particular need to shift
> the registration, but if this is desired and the original registrant is
> unavailable, I believe the designated expert could invoke the clause above
> and add the new document.
> 
> regards,
> 
> Ted Hardie
> 
> On Fri, Apr 10, 2026 at 4:38 PM Independent Submissions Editor (Eliot Lear)
> <rfc-ise@rfc-editor.org> wrote:
> 
>> Dear URI reviewers,
>>
>> The Independent Submissions Editor has received a publication request for
>> draft-grimminck-safe-ioc-sharing.  This draft intentionally makes certain
>> URIs unresolvable during transport.  I am contacting you because there are
>> several legacy use cases, two in particular: http -> hxxp and https ->
>> hxxps.  I have no doubt, but that these indicators of compromise (IOC)
>> transformations are widely accepted as a convention.  I note that an old
>> draft, draft-salgado-hxxp-01 has provisionally registered these schemes.
>> This is sufficient to limit damage with those particular schemes.  There
>> can be other schemes that may be used to reference compromised content.
>>
>> I have several questions for this group:
>>
>>     - Stefan is considering a more generic approach that uses illegal
>>     characters in the scheme (*) for other schemes.  Do you agree that is
>>     appropriate?
>>     - Would you like the registration for hxxp and hxxps to move to this
>>     work, should it progress?
>>     - Would you like to mark the registrations as permanent as part of
>>     that process?
>>     - Would you like to perform a review of the draft?  Reviewer guidance
>>     can be found at https://www.rfc-editor.org/materials/reviewer.guide.txt
>>     .
>>
>> Regards,
>>
>> Eliot

-- 
Prof. Dr.sc. Martin J. Dürst
Department of Intelligent Information Technology
College of Science and Engineering
Aoyama Gakuin University
Fuchinobe 5-1-10, Chuo-ku, Sagamihara
252-5258 Japan
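
The host rule quoted from the draft at the top of this message, worked through as an added example; it is not part of the e-mail or of the draft. Only the http/https to hxxp/hxxps mapping and the "leave bracketed IPv6 literals unchanged" rule come from the thread; the `[.]` dot replacement, the function names, the rejection of userinfo and the validation of the bracketed literal are assumptions made for illustration.

```python
import ipaddress
import re

# From the thread: http -> hxxp, https -> hxxps.
SCHEME_MAP = {"http": "hxxp", "https": "hxxps"}
# Assumption: "[.]" as the dot replacement (a common defanging convention).
DOT = "[.]"
URL_RE = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://(?P<authority>[^/?#]*)(?P<rest>.*)$",
    re.S,
)


def defang_authority(authority: str) -> str:
    """Defang the host; a bracketed IPv6 literal is returned unchanged."""
    if "@" in authority:
        raise ValueError("userinfo is out of scope for this example")
    if authority.startswith("["):
        end = authority.find("]")
        if end == -1:
            raise ValueError("unterminated bracket literal")
        # Exempt only a real IPv6 literal, so "[evil.example]" cannot use the
        # brackets to skip defanging. Raises ValueError when it does not parse.
        ipaddress.IPv6Address(authority[1:end])
        tail = authority[end + 1:]
        if tail and not re.fullmatch(r":\d*", tail):
            raise ValueError("unexpected text after IPv6 literal")
        # Dots inside the brackets (e.g. "::ffff:192.0.2.1") stay as they are.
        return authority
    return authority.replace(".", DOT)


def defang_url(url: str) -> str:
    """Rewrite the scheme and host of one URL; path and query are not touched."""
    m = URL_RE.match(url)
    if m is None:
        raise ValueError("not a scheme://authority URL")
    scheme = SCHEME_MAP.get(m["scheme"].lower(), m["scheme"])
    return f"{scheme}://{defang_authority(m['authority'])}{m['rest']}"


if __name__ == "__main__":
    # Constructed sample inputs using documentation address ranges.
    for u in ("http://example.com/a", "https://192.0.2.1/",
              "https://[2001:db8::1]:8443/x", "http://[::ffff:192.0.2.1]/"):
        print(u, "->", defang_url(u))
```
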