IETF Logo Mail Archive

[Uri-review] Re: draft-grimminck-safe-ioc-sharing

Ted Hardie <ted.ietf@gmail.com> Fri, 10 April 2026 16:13 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: uri-review@mail2.ietf.org
Delivered-To: uri-review@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E6A1CD9A0148 for <uri-review@mail2.ietf.org>; Fri, 10 Apr 2026 09:13:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1775837592; bh=31E+YtKzYxqov+2GstCz9fYuk7uyFxtMyVe4/OYrjo8=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=Y+GB59G8bfrlsvT+SUetJ4pfc3zr+esr48qtxDb9mKFG6EBDsp7v7benfqNCS2AQ3 svKd8gtdGrgHj0T9rQ6klQxTNee1p5zADwf1YkJzQaBgg6yGwrvdGBDCP8l8IRygYa gT0ff8s3N1PS/LHsy+Zd70nEmB0ArZT/q/8iY9XE=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bwQnH5J8ndiD for <uri-review@mail2.ietf.org>; Fri, 10 Apr 2026 09:13:12 -0700 (PDT)
Received: from mail-yx1-xb12c.google.com (mail-yx1-xb12c.google.com [IPv6:2607:f8b0:4864:20::b12c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 40C77D99FD67 for <uri-review@ietf.org>; Fri, 10 Apr 2026 09:10:18 -0700 (PDT)
Received: by mail-yx1-xb12c.google.com with SMTP id 956f58d0204a3-65075c2ba66so2889038d50.1 for <uri-review@ietf.org>; Fri, 10 Apr 2026 09:10:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1775837412; cv=none; d=google.com; s=arc-20240605; b=MbS+zO1E6NF/iF/VkhPYaoKKyNCCxXw6gMXNESnRKDFYez4D08z/2/ZzxGK1Ht5vN2 4TPU+n4EHZsp4OZ9e3SUcknXlyJlSM2aCdkfg58CXYA5kkhFyjxG2aRmvSZoA0swOGST aL5R97YzrwYQpi7gPzynr+8Q3VxBLaXzaSA0f/klZAJuR7MZMrgC9KVfzoe9kKROrSZ0 jeMT926ADl4hJKqR6r141UGT8ap83AK/FBO3P8IDQYjsnyfYntt3uzmXYHQt5ggusEVy 86p/cVs9v0VB4EaqzfhBPUlv0ihijvufpJaha16fUadB78+TmMYfrI7FrdwwqlfpBegc qPJg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=ji+v0rS9g09bcqFkYuZREfkPyPW5NGSS+EhEl/GhZ/E=; fh=5p4b5Q/hZZpFyIeUD5WO590KMOWdyYI0hyEUhDS0vKk=; b=OK7W4S3mgRMWgL9whkTJCUqttCeWXenSkw0VL+txNsJ9VGtZkbTUmzDHDTHsZBefNn W1MoInP3XmPmVMZBNQl96tR4gsOW7d6xvBHpgo9tuRre5FR6kUPL1q+vjQQelvQ87Ftl ehh0c25TQ5HVS07EA0XaBcaNtW9YZqyeh1Q94qq++0kZbmWwY/ZbY4ytN8qx0bL9aXaJ 692vr//hEDDXOQEUwuSmysct3gbzV57p4nOnquDUz3aYZ/n7yxW4OveGAqwpjroKpbbf GccXMkX5WElUtMmcSFp8q2Y7y7ml2u+IXPud+kgizespOr8VLRzRzLVJ2B41wm5/FZpf Y1qw==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1775837412; x=1776442212; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ji+v0rS9g09bcqFkYuZREfkPyPW5NGSS+EhEl/GhZ/E=; b=QWLuyCx3VJuglbfn/l80Hf8TnU8dLHcTMHlLjN+bvEDZQtQv8oKa2xS803J6sWpp22 5A7LZ1J2DcdPhn5pLsEwYTj/JgGMHloej2xRqWKnOHE2cfadRStJHWOPIBctRtt1KEa4 2X0E5Sp3tSMFZlUmxExm9sS1d0ZyvC0LYcEnBmlHsEgn7zEYL/58Szy/B0AG5gnouLfC SkQB+UN/GBZOvnmN0UQc2l+FQ4qVrsNC6RjhYlv4F+Gt4yj2NgBg3171YSKqIKBRQ0Re ZQ21SwqnJ83g5kLT/9Ejv4TZ3+4yNH3iixH2Y0AHBXP9IMg5Ru+x96sODzg4LbFBD1wv 5aFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775837412; x=1776442212; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ji+v0rS9g09bcqFkYuZREfkPyPW5NGSS+EhEl/GhZ/E=; b=PPxFe7Sm95z9Wijjw3OQs9+R8T9ZJ8dGRmjcO6r8Om9ZF50ZodQKLOalWVMpHBeqbI bUuZssfO78hP4rUXb4wF4LPMczAsvTjIo1p5fb9SFkWyEqx7Y7+TbdJQU+3Y82vA9wyk CQn24A8c+j4ADYIIOFoITbu2GIjqzeykxnvp4yMJTixY7FFOoupYVQpcP/34b8F0kaSN AJJysn95JJFeQCQIaf6G+85cqZGRt8TmWKEIVXZJg0AfZS09LY65kyMYQmW0DUTLCC56 hvpBucbTVimTl92+FHt0BToCjunIArsQ9OuO+EjLQ4brigEblJmQ3YYheEGNBIf+nxYD pOaA==
X-Gm-Message-State: AOJu0YyYCdvpXi+PJvHSm0UnJtWsNPkH9GjCr6PyfivHmpK6aVBypjFi j6FGjqWBGfSu24uDUb5ApCQmGe/fnvePFuhL0OC9YC4nHAYti0DGpy08FlrxT+QDIln5IyfpQgK FlfNh3imuK28Mjo8FeiVNPYsCN07M7k0=
X-Gm-Gg: AeBDieuCcqZvkU52yX50RgVmCwDmgqPhn9x9WbZU2CUdv3F4aLfMLX0hkb0EH+SL0Pm snAEy4NUn5dxzBuyIT361bOBQeBLePs6Irg55HgAqsx/FH3RgDAVYJNKC54hPeLO8jLWrQGjKvH X+DzgBkvBNB7kPR1YVaBERtQHMZ6syt2B/4Orl+Dk01Vv8hVCM+/FkPsNyp8gZjplnSGav0joEh KqnXC2W6Fwrs9rM1p2OxUXpWDBNsHkEFliH8qQben1Oxr5vlBcESn/M5GmoYl9M7DnFAVWFRudm mY34QkBrIR4LV1u4A51O65MnOt7/yDPXLKf60s/IHCO6L8kTdx8YMFq9VlwkMUh29uu518OEzs5 Jc+2eNU8BzI1ylELhpyTilaRQllYCzQyMGow4Y8NajBnYFw39tgjDYkuLhAXUUBHtewagcw/zTP SjB7uaRkCm8t2sS4l3ntwH34HDaIzFxQL3JmcG/xXiosXGo/uU8ZgEyw==
X-Received: by 2002:a53:ab49:0:b0:650:5f31:2334 with SMTP id 956f58d0204a3-65198b48539mr2651321d50.32.1775837412058; Fri, 10 Apr 2026 09:10:12 -0700 (PDT)
MIME-Version: 1.0
References: <e100c374-1323-4e10-942e-7c956b46f9e3@rfc-editor.org>
In-Reply-To: <e100c374-1323-4e10-942e-7c956b46f9e3@rfc-editor.org>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Fri, 10 Apr 2026 17:09:45 +0100
X-Gm-Features: AQROBzBB4LdvTeachg5itRcZqWMkXPgxeMT1Rfxo1ThTJX3DbfOBVJEwCYdH1vU
Message-ID: <CA+9kkMCs_eWXGcS5uScro7bRoFX=7AJq1o76W-8bCXp-K9-Hsw@mail.gmail.com>
To: "Independent Submissions Editor (Eliot Lear)" <rfc-ise@rfc-editor.org>
Content-Type: multipart/alternative; boundary="0000000000001fee24064f1d5eca"
Message-ID-Hash: R3N4KXZQUBRCNSNEGBNFQQKKMU773UX2
X-Message-ID-Hash: R3N4KXZQUBRCNSNEGBNFQQKKMU773UX2
X-MailFrom: ted.ietf@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-uri-review.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: uri-review@ietf.org, draft-grimminck-safe-ioc-sharing@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Uri-review] Re: draft-grimminck-safe-ioc-sharing
List-Id: Proposed URI Schemes <uri-review.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uri-review/wi2eLFUR3jSCl_GCz-xd6Bvrea0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uri-review>
List-Help: <mailto:uri-review-request@ietf.org?subject=help>
List-Owner: <mailto:uri-review-owner@ietf.org>
List-Post: <mailto:uri-review@ietf.org>
List-Subscribe: <mailto:uri-review-join@ietf.org>
List-Unsubscribe: <mailto:uri-review-leave@ietf.org>

Hi Eliot,

As a meta-question was this draft brought to the IETF before going to the
ISE?  I don't see any record of it in places I would expect (DISPATCH,
SAAG), but my records may be incomplete.

After a quick read, this actually seems like something that the IETF should
consider, as there are some aspects of it that probably need wider review.
An example here is Section 9, which references how to handle IDNs.  It
describes punycode, but the overall IDNA standard should be referenced,
probably especially RFC 3490, Section 3.1.

On the question related to the existing registration, RFC 7595 says:

      There must not already be an entry with the same scheme name.  In
      the unfortunate case that there are multiple, different uses of
      the same scheme name, the Designated Expert can approve a request
      to modify an existing entry to note the separate use.

I would first contact Hugo Salgado, the original registrant, to see if he
would be willing to work with this author on the draft and to transfer the
registration.  Since the use is functionally the same (though the
surrounding advice is different), I don't see a particular need to shift
the registration, but if this is desired and the original registrant is
unavailable, I believe the designated expert could invoke the clause above
and add the new document.

regards,

Ted Hardie

On Fri, Apr 10, 2026 at 4:38 PM Independent Submissions Editor (Eliot Lear)
<rfc-ise@rfc-editor.org> wrote:

> Dear URI reviewers,
>
> The Independent Submissions Editor has received a publication request for
> draft-grimminck-safe-ioc-sharing.  This draft intentionally makes certain
> URIs unresolvable during transport.  I am contacting you because there are
> several legacy use cases, two in particular: http-> hxxp and https ->
> hxxps.  I have no doubt, but that these indicators of compromise (IOC)
> transformations are widely accepted as a convention.  I note that an old
> draft, draft-salgado-hxxp-01 has provisionally registered these schemes.
> This is sufficient to limit damage with those particular schemes.  There
> can be other schemes that may be used to reference compromised content.
>
> I have several questions for this group:
>
>    - Stefan is considering a more generic approach that uses illegal
>    characters in the scheme (*) for other schemes.  Do you agree that is
>    appropriate?
>    - Would you like the registration for hxxp and hxxps to move to this
>    work, should it progress?
>    - Would you like to mark the registrations as permanent as part of
>    that process?
>    - Would you like to perform a review of the draft?  Reviewer guidance
>    can be found at https://www.rfc-editor.org/materials/reviewer.guide.txt
>    .
>
> Regards,
>
> Eliot
>
>
> _______________________________________________
> Uri-review mailing list -- uri-review@ietf.org
> To unsubscribe send an email to uri-review-leave@ietf.org
>

v2.46.0 | Report a Bug | By Email | System Status