[Uri-review] Re: draft-grimminck-safe-ioc-sharing
"Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org> Sun, 12 April 2026 09:42 UTC
Return-Path: <rfc-ise@rfc-editor.org>
X-Original-To: uri-review@mail2.ietf.org
Delivered-To: uri-review@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id C3860DAAB5D2 for <uri-review@mail2.ietf.org>; Sun, 12 Apr 2026 02:42:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1775986946; bh=29Mly7XHLTHxBpCbWw2SABBj8NLYEwUOADZara/ApIk=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=QLOculF5akp3y/LXWXtn3js6Ch5iW15cDiWdRKmTDMDa/TWLnfxlSpFVibryShx7B 2A2Q4wPA282buZIoaehu2pj3nOijyqwVk98yrERulmJ24ilC1XLhgChMnTr90cSSXB odcpNjtU06fSYklWUfl73bTU056MVaTp4/1xJD/8=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=rfc-editor-org.20251104.gappssmtp.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bc80WywSvSPx for <uri-review@mail2.ietf.org>; Sun, 12 Apr 2026 02:42:25 -0700 (PDT)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 04686DAAB5BE for <uri-review@ietf.org>; Sun, 12 Apr 2026 02:42:25 -0700 (PDT)
Received: by mail-wm1-x32d.google.com with SMTP id 5b1f17b1804b1-48897fd88ebso37358815e9.2 for <uri-review@ietf.org>; Sun, 12 Apr 2026 02:42:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rfc-editor-org.20251104.gappssmtp.com; s=20251104; t=1775986937; x=1776591737; darn=ietf.org; h=in-reply-to:from:content-language:references:cc:to:subject :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=Ig9wDZuPhNama6x4GFOY2SCSjc2n41UvUNKk4uv0gMA=; b=sjeere66xKI2W6XdtgV/xBH7aOoAW7pVWavqa9y/5wzpNLMk7UR1eKpqkmH8h7GW2f fNBvSXBPsTeYCHiCdnt2nK9qoEKzb1YcBzbmZHkg54UgVg0wou5bsKb3oTG9x+mSgvU9 U3q8vIAmubXH8eZIUdzYhwWYSnQ67R0RVOZyi0ecK/G0InYMJOQKXflHy/M+HccvAYaE W1Nbsl3asBFolDA3FUf5EFQykPRrKZ9yEuKikWn7GvbkVrjf9Er8eLwmjfJMbiydNYc7 Pbc9HlnpsH35Ozsea0cg308j/81el7G05kVdJYC9GzyrAEm3UPT6mPom+/qIiQuR8MlC MPaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775986937; x=1776591737; h=in-reply-to:from:content-language:references:cc:to:subject :user-agent:mime-version:date:message-id:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Ig9wDZuPhNama6x4GFOY2SCSjc2n41UvUNKk4uv0gMA=; b=NSYgBU/PqwY0q+0QgzqEXbpU2/mIjUOLz8UFvjjc4sWDFfNJ6E4eZxUKvEM49BeIPd X/dUEd0JCdl0vnuF6uWkFWPmsMbRt1czCLuWtHLkMRykf7qfy475XT8mr9x8DugRkbWv aMlOxbAniVwCpgzlfoHGXsh+rs/Xi5iYAtyTEWSUIPW48oj72fJDvMp0xpC/MM/bCoog 0HzO+jx8+J/rFweouP1CmnXUZy4s5/NpueE59AXimEjiKmQNKE3ZQaAJ1VTnBXY2DPQc ewRamE/XJE3BdVNgUO5cDdtOPHnsSjdmdT382P1Cy7gBbR/nlO+r2zW75ojeyV0UVAYB 21tA==
X-Gm-Message-State: AOJu0YwSzLSmUjfokj7dpbLoF+I/QDmJjfG07tBp+CLT13hkAxGgQfhV ydZjG0QRgzl1eW+8IBv5dKj7l3V6vyInno8NhZTPhe2tMIf+QEkVLt75KvlaBHfNy8EyfA==
X-Gm-Gg: AeBDietIj7O0Y2HpklvJGvr34DGgOrlgzMC/l3XqO5Au5Vn4r7EMD8sWXylZ1APm1VT 10v26B/SeNfWXFVCUaEMCPwMiZ0g20Rt9cNHb5jRdKq2suUCGrgCtoZr3oeiSKFZUmVd9I+B/q4 MPpkn8a/7r6BBpPeZzemgWqMken/F/JGUo9iGS5lqY+7odgq8V+nk+c49sxiHOuAv2BvFYimuYI X9PbJ58fzWkrTHCHVuTRxoSH7lCR7DKUcR8M7PcQsQVDkVOg+B2MO3xV3j0r3q0jzFaXPM/fQUA qVxbWC+eo0kDAEHBSzVhO82ay0Q3gDRF045u15vKPCjtJRnXapPTfvEu9wINQyAoybF6uw1HaS5 hsV/69w/lnMfMq2JW3K8ghRxW9dv/dJ/87Y6au6x4lR2EKKkAcGqiLToYzQB4VVnFioUH9ils1k swAXZPnhDmEeBnnhwoB1D+ton915s44uHi5zv8krXcaqu6jMFvx0BvNIdwhwwgUSoXqI8HpLZCA sbALv4zH6cdLhEg1dkb+b7rvA0=
X-Received: by 2002:a05:600c:c0da:b0:488:caed:5cc7 with SMTP id 5b1f17b1804b1-488d68af041mr103305325e9.15.1775986937527; Sun, 12 Apr 2026 02:42:17 -0700 (PDT)
Received: from ?IPV6:2a02:1210:2c9b:e200:557f:5a07:c767:28a7? ([2a02:1210:2c9b:e200:557f:5a07:c767:28a7]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-488d5d9fa22sm66477895e9.7.2026.04.12.02.42.16 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 12 Apr 2026 02:42:16 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------3NUQppuc8d6cVVdcohZOf7JN"
Message-ID: <ce84a0a1-f56a-479c-9052-328b9a4a4332@rfc-editor.org>
Date: Sun, 12 Apr 2026 11:42:15 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, Ted Hardie <ted.ietf@gmail.com>
References: <e100c374-1323-4e10-942e-7c956b46f9e3@rfc-editor.org> <CA+9kkMCs_eWXGcS5uScro7bRoFX=7AJq1o76W-8bCXp-K9-Hsw@mail.gmail.com> <070fe9bb-2c33-4c41-a1d6-06f7efa15491@it.aoyama.ac.jp>
Content-Language: en-US
From: "Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org>
In-Reply-To: <070fe9bb-2c33-4c41-a1d6-06f7efa15491@it.aoyama.ac.jp>
Message-ID-Hash: U6RKQRQBWQWEIF4YS64HNDBWPX75YQRZ
X-Message-ID-Hash: U6RKQRQBWQWEIF4YS64HNDBWPX75YQRZ
X-MailFrom: rfc-ise@rfc-editor.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-uri-review.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: uri-review@ietf.org, draft-grimminck-safe-ioc-sharing@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Uri-review] Re: draft-grimminck-safe-ioc-sharing
List-Id: Proposed URI Schemes <uri-review.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/OfbgqLie17LzJTHaZjHUP42yImk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Owner: <mailto:uri-review-owner@ietf.org>
List-Post: <mailto:uri-review@ietf.org>
List-Subscribe: <mailto:uri-review-join@ietf.org>
List-Unsubscribe: <mailto:uri-review-leave@ietf.org>
Hi URI Review team, Thanks very much for your comments. Ted, in answer to your question, I am not aware that this work has been presented to the IETF. Stefan may do so if he wishes, and I would assist him if he wishes to see the work DISPATCHed. Stefan, please take note that at least one reviewer here prefers the way you originally approached the work, and revise as you see fit. Also, please take note of Martin's concerns below. Eliot ps: I will be unavailabe for the next two weeks. Expect responses after that point. On 11.04.2026 04:09, Martin J. Dürst wrote: > Hello Eliot, others, > > One detail that caught my eye is in > https://www.ietf.org/archive/id/draft-grimminck-safe-ioc-sharing-08.html#name-step-3-host: > > >>>> > IPv6 addresses use colon-hexadecimal notation inside square brackets > (e.g., "[2001:db8::1]"), which does not trigger auto-linking in > typical software; the entire bracket-enclosed literal, including any > dots within it (e.g., the dots in "::ffff:192.0.2.1"), MUST be left > unchanged. > >>>> > > The part up to the semicolon is most probably true, but leaving this > unchanged would make it more difficult to fix that. We shouldn't put > additional blocks in front of IPv6 deployment and usage, even if they > are small. > > An additional comment below. > > On 2026-04-11 01:09, Ted Hardie wrote: >> Hi Eliot, >> >> As a meta-question was this draft brought to the IETF before going to >> the >> ISE? I don't see any record of it in places I would expect (DISPATCH, >> SAAG), but my records may be incomplete. >> >> After a quick read, this actually seems like something that the IETF >> should >> consider, as there are some aspects of it that probably need wider >> review. >> An example here is Section 9, which references how to handle IDNs. It >> describes punycode, but the overall IDNA standard should be referenced, >> probably especially RFC 3490, Section 3.1. > > Which is obsoleted by RFC 5890. > > Regards, Martin. > >> On the question related to the existing registration, RFC 7595 says: >> >> There must not already be an entry with the same scheme name. In >> the unfortunate case that there are multiple, different uses of >> the same scheme name, the Designated Expert can approve a request >> to modify an existing entry to note the separate use. >> >> I would first contact Hugo Salgado, the original registrant, to see >> if he >> would be willing to work with this author on the draft and to >> transfer the >> registration. Since the use is functionally the same (though the >> surrounding advice is different), I don't see a particular need to shift >> the registration, but if this is desired and the original registrant is >> unavailable, I believe the designated expert could invoke the clause >> above >> and add the new document. >> >> regards, >> >> Ted Hardie >> >> On Fri, Apr 10, 2026 at 4:38 PM Independent Submissions Editor (Eliot >> Lear) >> <rfc-ise@rfc-editor.org> wrote: >> >>> Dear URI reviewers, >>> >>> The Independent Submissions Editor has received a publication >>> request for >>> draft-grimminck-safe-ioc-sharing. This draft intentionally makes >>> certain >>> URIs unresolvable during transport. I am contacting you because >>> there are >>> several legacy use cases, two in particular: http-> hxxp and https -> >>> hxxps. I have no doubt, but that these indicators of compromise (IOC) >>> transformations are widely accepted as a convention. I note that an >>> old >>> draft, draft-salgado-hxxp-01 has provisionally registered these >>> schemes. >>> This is sufficient to limit damage with those particular schemes. >>> There >>> can be other schemes that may be used to reference compromised content. >>> >>> I have several questions for this group: >>> >>> - Stefan is considering a more generic approach that uses illegal >>> characters in the scheme (*) for other schemes. Do you agree >>> that is >>> appropriate? >>> - Would you like the registration for hxxp and hxxps to move to >>> this >>> work, should it progress? >>> - Would you like to mark the registrations as permanent as part of >>> that process? >>> - Would you like to perform a review of the draft? Reviewer >>> guidance >>> can be found at >>> https://www.rfc-editor.org/materials/reviewer.guide.txt >>> . >>> >>> Regards, >>> >>> Eliot >>> >>> >>> _______________________________________________ >>> Uri-review mailing list -- uri-review@ietf.org >>> To unsubscribe send an email to uri-review-leave@ietf.org >>> >> >> >> _______________________________________________ >> Uri-review mailing list -- uri-review@ietf.org >> To unsubscribe send an email to uri-review-leave@ietf.org >
- [Uri-review] draft-grimminck-safe-ioc-sharing Independent Submissions Editor (Eliot Lear)
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Frank Denis
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Ted Hardie
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Martin J. Dürst
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Independent Submissions Editor (Eliot Lear)
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Stefan Grimminck
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Graham Klyne
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Independent Submissions Editor (Eliot Lear)
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Martin J. Dürst
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Stefan Grimminck
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Stefan Grimminck
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Independent Submissions Editor (Eliot Lear)
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Graham Klyne
- [Uri-review] Re: draft-grimminck-safe-ioc-sharing Eric Burger