@techreport{grimminck-safe-ioc-sharing-12, number = {draft-grimminck-safe-ioc-sharing-12}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-grimminck-safe-ioc-sharing/12/}, author = {Stefan Grimminck}, title = {{Safe and Reversible Sharing of Malicious URLs and Indicators}}, pagetotal = 18, year = 2026, month = jun, day = 10, abstract = {This document codifies a consistent and reversible convention used in the threat intelligence and security communities for sharing potentially malicious indicators of compromise (IOCs), such as URLs, IP addresses, email addresses, and domain names. It describes a safe obfuscation format that reduces the risk of accidental execution or activation when IOCs are displayed or transmitted. The transformation renders an indicator syntactically invalid as a URI while keeping it recognizable to a human reader, and the original value can be recovered deterministically. Safe-IOC strings are a textual rendering convention, not URIs, and are not intended to be processed by generic URI parsers. These conventions aim to improve interoperability among tools and feeds that exchange threat intelligence data.}, }