The 'alter' URI Scheme for Dispatchable ~handle References
draft-morrison-alter-uri-scheme-00
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Document | Type | Active Internet-Draft (individual) | |
|---|---|---|---|
| Author | Blake Morrison | ||
| Last updated | 2026-05-15 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-morrison-alter-uri-scheme-00
Network Working Group B. Morrison
Internet-Draft Alter Meridian Pty Ltd
Intended status: Standards Track 15 May 2026
Expires: 16 November 2026
The 'alter' URI Scheme for Dispatchable ~handle References
draft-morrison-alter-uri-scheme-00
Abstract
This document defines the alter URI scheme as a dispatchable
reference syntax for ~handle identity references published under the
DNS substrate defined in [MCPDNS]. An alter: URI binds a textual
~handle reference, with an optional surface path, to a resolution and
verification procedure that retrieves the handle's envelope from the
publishing zone, validates the envelope's signature chain, and
dispatches the result to an operating-system URI handler. The scheme
is provisionally registered under [MCPDNS] Section 11; this document
is the full registration request per [RFC7595] Section 3.
The scheme is provider-neutral, introduces no new cryptographic
primitive, and reuses the resolution and verification procedures of
[MCPDNS] without modification. The principal contribution is to give
operating systems, browsers, chat clients, and command-line tools a
single dispatch surface for handle-typed references so that clicking,
typing, or scanning an alter: URI yields a verified handle resolution
rather than a free-text string.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 16 November 2026.
Morrison Expires 16 November 2026 [Page 1]
Internet-Draft alter URI Scheme May 2026
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Status of This Memo . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. Requirements Language . . . . . . . . . . . . . . . . . . 4
3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4
4. Scheme Definition . . . . . . . . . . . . . . . . . . . . . . 4
4.1. Scheme Name . . . . . . . . . . . . . . . . . . . . . . . 4
4.2. Status . . . . . . . . . . . . . . . . . . . . . . . . . 4
4.3. URI Scheme Syntax . . . . . . . . . . . . . . . . . . . . 4
4.4. Scheme Semantics . . . . . . . . . . . . . . . . . . . . 5
4.5. Encoding Considerations . . . . . . . . . . . . . . . . . 6
4.6. Applications and Protocols That Use This Scheme . . . . . 6
4.7. Interoperability Considerations . . . . . . . . . . . . . 6
4.8. Security Considerations . . . . . . . . . . . . . . . . . 7
4.9. Author / Change Controller . . . . . . . . . . . . . . . 7
4.10. References . . . . . . . . . . . . . . . . . . . . . . . 7
5. Operating-System Handler Registration . . . . . . . . . . . . 7
5.1. Linux desktops . . . . . . . . . . . . . . . . . . . . . 7
5.2. macOS . . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.3. Windows . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.4. Android . . . . . . . . . . . . . . . . . . . . . . . . . 8
5.5. iOS . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
6. Surface-Path Examples . . . . . . . . . . . . . . . . . . . . 8
7. Security Considerations . . . . . . . . . . . . . . . . . . . 8
7.1. Verification Mandate . . . . . . . . . . . . . . . . . . 9
7.2. Handler Substitution . . . . . . . . . . . . . . . . . . 9
7.3. Path-Component Privacy . . . . . . . . . . . . . . . . . 9
7.4. Cross-Scheme Confusion . . . . . . . . . . . . . . . . . 9
7.5. IRI Considerations . . . . . . . . . . . . . . . . . . . 10
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 11
10.1. Normative References . . . . . . . . . . . . . . . . . . 11
Morrison Expires 16 November 2026 [Page 2]
Internet-Draft alter URI Scheme May 2026
10.2. Informative References . . . . . . . . . . . . . . . . . 12
Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 12
A.1. draft-morrison-alter-uri-scheme-00 . . . . . . . . . . . 12
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 12
1. Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
2. Introduction
The ~handle identity primitive defined in [MCPDNS] binds a textual
identifier (Sovereign, Bot, or Instrument tier per [IDCOMMITS]) to a
cryptographic principal published under an _alter. DNS TXT record.
A handle reference written in running text -- ~blake, ~truealter.com,
~cc-opus-4-7 -- is interpretable to a human reader but is not, by
itself, a dispatchable reference for a machine.
This document defines the alter URI scheme as the dispatchable form
of a handle reference. An alter: URI binds a ~handle, with an
optional surface path, to the resolution procedure of [MCPDNS] and to
a URI handler registered with the host operating system. Once a
handler is installed, clicking alter:~blake in a browser, chat
window, or terminal yields a verified envelope; the handler decides
what to do with the resulting envelope (open an inbox, show a profile
card, initiate an Accord ceremony per [IDACCORD], dispatch to a per-
surface MCP tool).
The scheme is provisionally registered in [MCPDNS] Section 11. This
document is the standalone registration request submitted to IANA per
[RFC7595] Section 3, separating the administrative ceremony of scheme
registration from the substantive specification of the DNS substrate.
Morrison Expires 16 November 2026 [Page 3]
Internet-Draft alter URI Scheme May 2026
2.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 RFC2119 [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. Terminology
~handle A textual identity reference defined in [MCPDNS] and tiered
in [IDCOMMITS]. Handles begin with the tilde character U+007E.
Envelope The signed identity record retrieved from the
_alter.<domain> DNS TXT record of the publishing zone, as
specified in [MCPDNS] Section 5.
Handler An operating-system component registered to receive alter:
URIs and dispatch to a resolver. Examples include xdg-mime
associations [XDG-MIME] on Linux, LaunchServices URL handlers
[LSHANDLERS] on macOS, registry entries under HKCR on Windows,
intent filters on Android, and universal links on iOS.
Surface A named addressable resource under a handle, expressed as
the path component of the URI (e.g. decisions/123, inbox, seat/
architect).
4. Scheme Definition
4.1. Scheme Name
alter
4.2. Status
Permanent. The registration upgrades the provisional registration
recorded under [MCPDNS] Section 11.
4.3. URI Scheme Syntax
The alter URI scheme's generic syntax conforms to [RFC3986]:
Morrison Expires 16 November 2026 [Page 4]
Internet-Draft alter URI Scheme May 2026
alter-URI = "alter:" handle-ref [ "/" handle-path ] [ "?" query ]
[ "#" fragment ]
handle-ref = "~" handle-name
handle-name = sovereign-name / bot-name / instrument-name
sovereign-name
= ALPHA *( ALPHA / DIGIT / "-" / "." )
; Per [IDCOMMITS] Section 4.
bot-name = ALPHA *( ALPHA / DIGIT / "-" / "." ) ".bot"
instrument-name
= "cc-" 1*( ALPHA / DIGIT / "-" / "." )
; Per [IDCOMMITS] Section 4.
handle-path = segment *( "/" segment )
segment = 1*( unreserved / pct-encoded / sub-delims / ":" / "@" )
query = *( pchar / "/" / "?" )
fragment = *( pchar / "/" / "?" )
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded = "%" HEXDIG HEXDIG
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
The handle-name ABNF mirrors the tier productions of [IDCOMMITS]
without restating tier-level invariants; an alter: URI carries a
single handle and the parser determines the tier from the lexical
form.
The host-component slot of a generic URI is not used. All identity-
bearing material is carried in the path-like handle-ref production
immediately after the scheme separator.
4.4. Scheme Semantics
Operations on an alter: URI are retrieval-by-default. Submitting an
alter: URI to a handler MUST perform the resolution and verification
procedure specified in [MCPDNS] Section 8 before any content or
directive derived from the resulting envelope is acted upon.
Specifically, the handler MUST:
1. Parse the URI per the ABNF above.
Morrison Expires 16 November 2026 [Page 5]
Internet-Draft alter URI Scheme May 2026
2. Resolve ~handle to a publishing zone via the procedures of
[MCPDNS] Section 6.
3. Retrieve and DNSSEC-validate [RFC4033] the _alter.<zone> TXT
record.
4. Verify the envelope signature against the published Ed25519 key
per [MCPDNS] Section 8.
5. If a handle-path is present, dispatch the surface request to the
resolver indicated by the envelope. Surface dispatch semantics
are scheme-neutral and out of scope for this document.
Handlers SHOULD treat any verification failure as a hard error and
SHOULD NOT fall back to unverified retrieval.
4.5. Encoding Considerations
alter URIs are ASCII per [RFC3986]; characters outside the unreserved
set MUST be percent-encoded. The IRI form per [RFC3987] is supported
for handle-paths that contain non-ASCII characters; the handle-ref
itself MUST be ASCII to align with the DNS label production of
[MCPDNS]. The tilde character U+007E is reserved as the handle
prefix and is treated as a literal, not as an unreserved-character
escape.
4.6. Applications and Protocols That Use This Scheme
The reference substrate operating at ~truealter.com uses alter: URIs
to dispatch handle references between operating-system handlers, the
alter command-line interface, chat clients, and agent runtimes that
consume the DNS substrate of [MCPDNS]. Any agent runtime, client, or
operating-system component that resolves ~handle references can
register a handler for the scheme.
4.7. Interoperability Considerations
Operating-system URI handler registries are well-defined for each
target platform:
* Linux desktops: xdg-mime associations [XDG-MIME].
* macOS: CFBundleURLSchemes entries in an application's Info.plist
[LSHANDLERS].
* Windows: HKEY_CLASSES_ROOT\alter with URL Protocol and
shell\open\command subkeys.
Morrison Expires 16 November 2026 [Page 6]
Internet-Draft alter URI Scheme May 2026
* Android: <intent-filter> with <data android:scheme="alter">.
* iOS: associated-domains and universal-link entitlement entries.
Where multiple applications register a handler for alter:, the
operating system's default-application policy applies. No special
arbitration mechanism is defined by this document.
Browsers MAY treat alter: URIs as opaque external schemes and
delegate dispatch to the operating-system handler. Clients SHOULD
NOT attempt direct retrieval of alter: URIs over HTTP; the resolution
procedure of [MCPDNS] does not run over HTTP.
The alter scheme does not displace any existing scheme and does not
contradict the path-handling rules of [RFC3986]. It coexists with
https:, mailto:, and other schemes that an operating system may
dispatch on the same surface.
4.8. Security Considerations
See Section 5 below.
4.9. Author / Change Controller
IETF, with change requests routed via the document author: Blake
Morrison, Alter Meridian Pty Ltd, blake@truealter.com.
4.10. References
[MCPDNS], [IDCOMMITS], [RFC3986], [RFC7595].
5. Operating-System Handler Registration
The following non-normative subsections sketch the platform- specific
registration entries that a conforming handler installs.
Implementations are responsible for the platform-specific syntax;
this document does not prescribe handler binaries or invocation
shapes.
5.1. Linux desktops
A .desktop file with MimeType=x-scheme-handler/alter; and a Exec=
line invoking the platform resolver. The alter-cli reference
implementation registers itself as the default handler on first run.
Morrison Expires 16 November 2026 [Page 7]
Internet-Draft alter URI Scheme May 2026
5.2. macOS
A CFBundleURLTypes entry with CFBundleURLSchemes=("alter") and a
CFBundleURLName of Identity Handle Reference in the application's
Info.plist.
5.3. Windows
Registry entries under HKEY_CLASSES_ROOT\alter:
* A default value of URL:Identity Handle Reference.
* A URL Protocol value of empty string.
* A shell\open\command subkey with the handler invocation.
5.4. Android
An <intent-filter> declaring <data android:scheme="alter"/> on an
Activity capable of performing the resolution procedure of [MCPDNS]
Section 8.
5.5. iOS
An associated-domains entitlement listing the publishing zone, plus a
LSApplicationQueriesSchemes entry that includes alter.
6. Surface-Path Examples
The following non-normative examples illustrate the path syntax.
Surface semantics are out of scope; each surface is defined by the
specification that owns it.
alter:~blake
alter:~truealter.com/decisions/123
alter:~drew/inbox
alter:~truealter.com/seat/architect
alter:~cc-opus-4-7/sessions/last
The first form addresses an envelope; the second through fourth forms
address surfaces under an envelope; the fifth form illustrates
Instrument-tier surfaces.
7. Security Considerations
Morrison Expires 16 November 2026 [Page 8]
Internet-Draft alter URI Scheme May 2026
7.1. Verification Mandate
The verification mandate of [MCPDNS] Section 8 is the security floor
of this scheme. Handlers that accept an alter: URI without verifying
the envelope's signature against the DNSSEC-validated publishing
record violate the scheme's invariants. An attacker who induces a
handler to perform unverified retrieval can substitute an envelope.
Implementations MUST treat envelope verification as a precondition to
any side effect (writing files, sending requests, dispatching a sub-
handler).
7.2. Handler Substitution
The operating-system's default-application policy is the trust-anchor
for which binary handles alter: URIs. Users configuring the default
handler MUST treat handler selection with the same caution they apply
to default browsers or default mail clients. A malicious handler
could parse an alter: URI, present a forged envelope to the user, and
act on attacker-supplied data without performing verification.
Implementations SHOULD cross-check the handler binary's signature
against the publishing substrate's expected handler manifest where
such a manifest is defined by a future specification.
7.3. Path-Component Privacy
A handle-path included in an alter: URI is part of the URI's textual
form and may be logged by the operating-system handler registry,
browser history, terminal scrollback, and chat-client indexers.
Surface owners that consider a path identifier (e.g. a decision
identifier, a thread identifier) sensitive SHOULD provide indirected
forms (opaque tokens, ephemeral identifiers) and SHOULD NOT recommend
embedding sensitive identifiers in the URI's path component.
7.4. Cross-Scheme Confusion
A URI of the form alter://~blake (with the authority-component
double-slash) is malformed and MUST be rejected. Implementations
MUST NOT silently coerce alter://~handle to alter:~handle; divergent
parsers risk confusing a third-party authority component with a
handle reference.
Morrison Expires 16 November 2026 [Page 9]
Internet-Draft alter URI Scheme May 2026
7.5. IRI Considerations
When an alter: URI is presented in IRI form per [RFC3987] with non-
ASCII characters in the handle-path, implementations MUST apply the
conversion procedure of [RFC3987] Section 3.1 before performing the
resolution procedure. Non-ASCII characters in the handle-ref itself
MUST be rejected; handle names are restricted to the ASCII production
above.
8. IANA Considerations
This document requests that IANA register the alter URI scheme in the
Uniform Resource Identifier (URI) Schemes registry per [RFC7595]
Section 7, replacing the provisional registration recorded under
[MCPDNS] Section 11 with the following permanent registration:
* URI scheme name: alter
* Status: Permanent
* URI scheme syntax: As specified in Section 3.3 above.
* URI scheme semantics: As specified in Section 3.4 above.
* Encoding considerations: As specified in Section 3.5 above.
* Applications/protocols that use this URI scheme name: As specified
in Section 3.6 above.
* Interoperability considerations: As specified in Section 3.7
above.
* Security considerations: As specified in Section 5 above.
* Contact: Blake Morrison blake@truealter.com
(mailto:blake@truealter.com), Alter Meridian Pty Ltd, Cronulla,
NSW, Australia.
* Author/Change controller: IETF.
* References: This document; [MCPDNS]; [IDCOMMITS].
Morrison Expires 16 November 2026 [Page 10]
Internet-Draft alter URI Scheme May 2026
9. Acknowledgements
The scheme builds on the ~handle identity primitive defined in
[MCPDNS] and the tier taxonomy of [IDCOMMITS]. The lexical choice of
tilde for the handle prefix is informed by [POSIX-TILDE] and by the
long-standing shell convention that the tilde denotes a named
principal.
10. References
10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>.
[RFC7595] Thaler, D., Ed., Hansen, T., and T. Hardie, "Guidelines
and Registration Procedures for URI Schemes", BCP 35,
RFC 7595, DOI 10.17487/RFC7595, June 2015,
<https://www.rfc-editor.org/info/rfc7595>.
[RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource
Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987,
January 2005, <https://www.rfc-editor.org/info/rfc3987>.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements",
RFC 4033, DOI 10.17487/RFC4033, March 2005,
<https://www.rfc-editor.org/info/rfc4033>.
[MCPDNS] Morrison, B., "Discovery of Model Context Protocol Servers
via DNS TXT Records", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-
discovery/>.
Morrison Expires 16 November 2026 [Page 11]
Internet-Draft alter URI Scheme May 2026
[IDCOMMITS]
Morrison, B., "Identity-Attributed Git Commits via Tier-
Structured Trailers", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-identity-
attributed-commits/>.
10.2. Informative References
[RFC8615] Nottingham, M., "Well-Known Uniform Resource Identifiers
(URIs)", RFC 8615, DOI 10.17487/RFC8615, May 2019,
<https://www.rfc-editor.org/info/rfc8615>.
[IDACCORD] Morrison, B., "Identity Accord Protocol", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-identity-
accord/>.
[IDPRONOUNS]
Morrison, B., "Identity Pronouns: A Reference-Axis
Extension to ~handle Identity Systems", 2026,
<https://datatracker.ietf.org/doc/draft-morrison-identity-
pronouns/>.
[POSIX-TILDE]
"IEEE Std 1003.1-2017, Shell Command Language,
Section 2.6.1 Tilde Expansion", 2017,
<https://pubs.opengroup.org/onlinepubs/9699919799/>.
[XDG-MIME] "Shared MIME-info Database Specification", 2024,
<https://specifications.freedesktop.org/shared-mime-info-
spec/latest/>.
[LSHANDLERS]
"Apple URL Scheme Reference (CFBundleURLSchemes /
LSHandlers)", 2024,
<https://developer.apple.com/library/archive/documentation/General/Reference/
InfoPlistKeyReference/Articles/CoreFoundationKeys.html>.
Appendix A. Change Log
A.1. draft-morrison-alter-uri-scheme-00
* Initial submission. Upgrades the provisional registration
recorded in [MCPDNS] Section 11.
Author's Address
Morrison Expires 16 November 2026 [Page 12]
Internet-Draft alter URI Scheme May 2026
Blake Morrison
Alter Meridian Pty Ltd
Cronulla, NSW
Australia
Email: blake@truealter.com
Morrison Expires 16 November 2026 [Page 13]