Internet-Draft alter URI Scheme May 2026
Morrison Expires 16 November 2026

Workgroup: Network Working Group
Internet-Draft: draft-morrison-alter-uri-scheme-00
Published:
Intended Status: Standards Track
Expires: 16 November 2026
Author: B. Morrison, Alter Meridian Pty Ltd

The 'alter' URI Scheme for Dispatchable ~handle References

Abstract

This document defines the alter URI scheme as a dispatchable reference syntax for ~handle identity references published under the DNS substrate defined in [MCPDNS]. An alter: URI binds a textual ~handle reference, with an optional surface path, to a resolution and verification procedure that retrieves the handle's envelope from the publishing zone, validates the envelope's signature chain, and dispatches the result to an operating-system URI handler. The scheme is provisionally registered under [MCPDNS] Section 11; this document is the full registration request per [RFC7595] Section 3.

The scheme is provider-neutral, introduces no new cryptographic primitive, and reuses the resolution and verification procedures of [MCPDNS] without modification. The principal contribution is to give operating systems, browsers, chat clients, and command-line tools a single dispatch surface for handle-typed references so that clicking, typing, or scanning an alter: URI yields a verified handle resolution rather than a free-text string.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 16 November 2026.

2. Introduction

The ~handle identity primitive defined in [MCPDNS] binds a textual identifier (Sovereign, Bot, or Instrument tier per [IDCOMMITS]) to a cryptographic principal published under an _alter. DNS TXT record. A handle reference written in running text -- ~blake, ~truealter.com, ~cc-opus-4-7 -- is interpretable to a human reader but is not, by itself, a dispatchable reference for a machine.

This document defines the alter URI scheme as the dispatchable form of a handle reference. An alter: URI binds a ~handle, with an optional surface path, to the resolution procedure of [MCPDNS] and to a URI handler registered with the host operating system. Once a handler is installed, clicking alter:~blake in a browser, chat window, or terminal yields a verified envelope; the handler decides what to do with the resulting envelope (open an inbox, show a profile card, initiate an Accord ceremony per [IDACCORD], dispatch to a per-surface MCP tool).

The scheme is provisionally registered in [MCPDNS] Section 11. This document is the standalone registration request submitted to IANA per [RFC7595] Section 3, separating the administrative ceremony of scheme registration from the substantive specification of the DNS substrate.

2.1. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Terminology

~handle

A textual identity reference defined in [MCPDNS] and tiered in [IDCOMMITS]. Handles begin with the tilde character U+007E.

Envelope

The signed identity record retrieved from the _alter.<domain> DNS TXT record of the publishing zone, as specified in [MCPDNS] Section 5.

Handler

An operating-system component registered to receive alter: URIs and dispatch to a resolver. Examples include xdg-mime associations [XDG-MIME] on Linux, LaunchServices URL handlers [LSHANDLERS] on macOS, registry entries under HKCR on Windows, intent filters on Android, and universal links on iOS.

Surface

A named addressable resource under a handle, expressed as the path component of the URI (e.g. decisions/123, inbox, seat/architect).

4. Scheme Definition

4.2. Status

Permanent. The registration upgrades the provisional registration recorded under [MCPDNS] Section 11.

4.3. URI Scheme Syntax

The alter URI scheme's generic syntax conforms to [RFC3986]:

alter-URI    = "alter:" handle-ref [ "/" handle-path ] [ "?" query ]
                       [ "#" fragment ]

handle-ref   = "~" handle-name

handle-name  = sovereign-name / bot-name / instrument-name

sovereign-name
             = ALPHA *( ALPHA / DIGIT / "-" / "." )
                 ; Per [IDCOMMITS] Section 4.

bot-name     = ALPHA *( ALPHA / DIGIT / "-" / "." ) ".bot"

instrument-name
             = "cc-" 1*( ALPHA / DIGIT / "-" / "." )
                 ; Per [IDCOMMITS] Section 4.

handle-path  = segment *( "/" segment )
segment      = 1*( unreserved / pct-encoded / sub-delims / ":" / "@" )
query        = *( pchar / "/" / "?" )
fragment     = *( pchar / "/" / "?" )

pchar        = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved   = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded  = "%" HEXDIG HEXDIG
sub-delims   = "!" / "$" / "&" / "'" / "(" / ")"
                 / "*" / "+" / "," / ";" / "="

The handle-name ABNF mirrors the tier productions of [IDCOMMITS] without restating tier-level invariants; an alter: URI carries a single handle and the parser determines the tier from the lexical form.

The host-component slot of a generic URI is not used. All identity-bearing material is carried in the path-like handle-ref production immediately after the scheme separator.

4.4. Scheme Semantics

Operations on an alter: URI are retrieval-by-default. Submitting an alter: URI to a handler MUST perform the resolution and verification procedure specified in [MCPDNS] Section 8 before any content or directive derived from the resulting envelope is acted upon. Specifically, the handler MUST:

  1. Parse the URI per the ABNF above.

  2. Resolve ~handle to a publishing zone via the procedures of [MCPDNS] Section 6.

  3. Retrieve and DNSSEC-validate [RFC4033] the _alter.<zone> TXT record.

  4. Verify the envelope signature against the published Ed25519 key per [MCPDNS] Section 8.

  5. If a handle-path is present, dispatch the surface request to the resolver indicated by the envelope. Surface dispatch semantics are scheme-neutral and out of scope for this document.

Handlers SHOULD treat any verification failure as a hard error and SHOULD NOT fall back to unverified retrieval.

4.5. Encoding Considerations

alter URIs are ASCII per [RFC3986]; characters outside the unreserved set MUST be percent-encoded. The IRI form per [RFC3987] is supported for handle-paths that contain non-ASCII characters; the handle-ref itself MUST be ASCII to align with the DNS label production of [MCPDNS]. The tilde character U+007E is reserved as the handle prefix and is treated as a literal, not as an unreserved-character escape.

4.6. Applications and Protocols That Use This Scheme

The reference substrate operating at ~truealter.com uses alter: URIs to dispatch handle references between operating-system handlers, the alter command-line interface, chat clients, and agent runtimes that consume the DNS substrate of [MCPDNS]. Any agent runtime, client, or operating-system component that resolves ~handle references can register a handler for the scheme.

4.7. Interoperability Considerations

Operating-system URI handler registries are well-defined for each target platform:

  • Linux desktops: xdg-mime associations [XDG-MIME].

  • macOS: CFBundleURLSchemes entries in an application's Info.plist [LSHANDLERS].

  • Windows: HKEY_CLASSES_ROOT\alter with URL Protocol and shell\open\command subkeys.

  • Android: <intent-filter> with <data android:scheme="alter">.

  • iOS: associated-domains and universal-link entitlement entries.

Where multiple applications register a handler for alter:, the operating system's default-application policy applies. No special arbitration mechanism is defined by this document.

Browsers MAY treat alter: URIs as opaque external schemes and delegate dispatch to the operating-system handler. Clients SHOULD NOT attempt direct retrieval of alter: URIs over HTTP; the resolution procedure of [MCPDNS] does not run over HTTP.

The alter scheme does not displace any existing scheme and does not contradict the path-handling rules of [RFC3986]. It coexists with https:, mailto:, and other schemes that an operating system may dispatch on the same surface.

4.8. Security Considerations

See Section 7 below.

4.9. Author / Change Controller

IETF, with change requests routed via the document author: Blake Morrison, Alter Meridian Pty Ltd, blake@truealter.com.

5. Operating-System Handler Registration

The following non-normative subsections sketch the platform-specific registration entries that a conforming handler installs. Implementations are responsible for the platform-specific syntax; this document does not prescribe handler binaries or invocation shapes.

5.1. Linux desktops

A .desktop file with MimeType=x-scheme-handler/alter; and an Exec= line invoking the platform resolver. The alter-cli reference implementation registers itself as the default handler on first run.

5.2. macOS

A CFBundleURLTypes entry with CFBundleURLSchemes=("alter") and a CFBundleURLName of Identity Handle Reference in the application's Info.plist.

5.3. Windows

Registry entries under HKEY_CLASSES_ROOT\alter:

  • A default value of URL:Identity Handle Reference.

  • A URL Protocol value of empty string.

  • A shell\open\command subkey with the handler invocation.

5.4. Android

An <intent-filter> declaring <data android:scheme="alter"/> on an Activity capable of performing the resolution procedure of [MCPDNS] Section 8.

5.5. iOS

An associated-domains entitlement listing the publishing zone, plus an LSApplicationQueriesSchemes entry that includes alter.

6. Surface-Path Examples

The following non-normative examples illustrate the path syntax. Surface semantics are out of scope; each surface is defined by the specification that owns it.

alter:~blake
alter:~truealter.com/decisions/123
alter:~drew/inbox
alter:~truealter.com/seat/architect
alter:~cc-opus-4-7/sessions/last

The first form addresses an envelope; the second through fourth forms address surfaces under an envelope; the fifth form illustrates Instrument-tier surfaces.

7. Security Considerations

7.1. Verification Mandate

The verification mandate of [MCPDNS] Section 8 is the security floor of this scheme. Handlers that accept an alter: URI without verifying the envelope's signature against the DNSSEC-validated publishing record violate the scheme's invariants. An attacker who induces a handler to perform unverified retrieval can substitute an envelope. Implementations MUST treat envelope verification as a precondition to any side effect (writing files, sending requests, dispatching a sub-handler).

7.2. Handler Substitution

The operating system's default-application policy is the trust anchor for which binary handles alter: URIs. Users configuring the default handler MUST treat handler selection with the same caution they apply to default browsers or default mail clients. A malicious handler could parse an alter: URI, present a forged envelope to the user, and act on attacker-supplied data without performing verification. Implementations SHOULD cross-check the handler binary's signature against the publishing substrate's expected handler manifest where such a manifest is defined by a future specification.

7.3. Path-Component Privacy

A handle-path included in an alter: URI is part of the URI's textual form and may be logged by the operating-system handler registry, browser history, terminal scrollback, and chat-client indexers. Surface owners that consider a path identifier (e.g. a decision identifier, a thread identifier) sensitive SHOULD provide indirected forms (opaque tokens, ephemeral identifiers) and SHOULD NOT recommend embedding sensitive identifiers in the URI's path component.

7.4. Cross-Scheme Confusion

A URI of the form alter://~blake (with the authority-component double-slash) is malformed and MUST be rejected. Implementations MUST NOT silently coerce alter://~handle to alter:~handle; divergent parsers risk confusing a third-party authority component with a handle reference.

7.5. IRI Considerations

When an alter: URI is presented in IRI form per [RFC3987] with non-ASCII characters in the handle-path, implementations MUST apply the conversion procedure of [RFC3987] Section 3.1 before performing the resolution procedure. Non-ASCII characters in the handle-ref itself MUST be rejected; handle names are restricted to the ASCII production above.
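
The syntax of Section 4.3 and the rejection rules of Sections 7.4 and 7.5 can be exercised together in a strict parser. The following Python code is an added example, not part of this draft or of the alter-cli reference implementation; the names parse_alter_uri and AlterURIError are hypothetical, and the tier precedence (Instrument, then Bot, then Sovereign) is an assumption made because the sovereign-name production also matches the other two lexical forms.

```python
import re

# Character classes taken from the ABNF in Section 4.3.
_PCHAR = r"(?:[A-Za-z0-9\-._~!$&'()*+,;=:@]|%[0-9A-Fa-f]{2})"
_NAME = re.compile(r"[A-Za-z][A-Za-z0-9.\-]*")             # sovereign-name shape
_INSTR = re.compile(r"cc-[A-Za-z0-9.\-]+", re.IGNORECASE)  # instrument-name
_PATH = re.compile(rf"{_PCHAR}+(?:/{_PCHAR}+)*")           # handle-path
_QF = re.compile(rf"(?:{_PCHAR}|[/?])*")                   # query / fragment


class AlterURIError(ValueError):
    """Input does not match the alter-URI production."""


def parse_alter_uri(uri: str) -> dict:
    """Strictly parse an alter: URI; raise AlterURIError instead of repairing."""
    if not uri.isascii():
        # Section 7.5: IRI paths are converted per RFC 3987 before parsing,
        # and a non-ASCII handle-ref is rejected.
        raise AlterURIError("non-ASCII input")
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "alter":
        raise AlterURIError("not an alter: URI")
    if rest.startswith("//"):
        # Section 7.4: the authority form is malformed; never coerce it.
        raise AlterURIError("alter:// form rejected")
    rest, _, fragment = rest.partition("#")
    rest, _, query = rest.partition("?")
    ref, slash, path = rest.partition("/")
    if not ref.startswith("~"):
        raise AlterURIError("handle-ref must begin with '~'")
    name = ref[1:]
    # Assumed precedence (not stated in the draft): instrument, bot, sovereign.
    if _INSTR.fullmatch(name):
        tier = "instrument"
    elif _NAME.fullmatch(name):
        tier = "bot" if name.lower().endswith(".bot") else "sovereign"
    else:
        raise AlterURIError("handle-name matches no tier production")
    if slash and not _PATH.fullmatch(path):
        raise AlterURIError("malformed handle-path")  # includes empty segments
    if not (_QF.fullmatch(query) and _QF.fullmatch(fragment)):
        raise AlterURIError("malformed query or fragment")
    return {"handle": ref, "tier": tier, "path": path or None,
            "query": query or None, "fragment": fragment or None}
```

Parsing is only step 1 of Section 4.4; resolution, DNSSEC validation and envelope signature verification still have to succeed before the parsed result is acted on.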

8. IANA Considerations

This document requests that IANA register the alter URI scheme in the Uniform Resource Identifier (URI) Schemes registry per [RFC7595] Section 7, replacing the provisional registration recorded under [MCPDNS] Section 11 with the following permanent registration:

  • URI scheme name: alter

  • Status: Permanent

  • URI scheme syntax: As specified in Section 4.3 above.

  • URI scheme semantics: As specified in Section 4.4 above.

  • Encoding considerations: As specified in Section 4.5 above.

  • Applications/protocols that use this URI scheme name: As specified in Section 4.6 above.

  • Interoperability considerations: As specified in Section 4.7 above.

  • Security considerations: As specified in Section 7 above.

  • Contact: Blake Morrison blake@truealter.com, Alter Meridian Pty Ltd, Cronulla, NSW, Australia.

  • Author/Change controller: IETF.

  • References: This document; [MCPDNS]; [IDCOMMITS].

9. Acknowledgements

The scheme builds on the ~handle identity primitive defined in [MCPDNS] and the tier taxonomy of [IDCOMMITS]. The lexical choice of tilde for the handle prefix is informed by [POSIX-TILDE] and by the long-standing shell convention that the tilde denotes a named principal.

10. References

10.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, <https://www.rfc-editor.org/info/rfc2119>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, <https://www.rfc-editor.org/info/rfc8174>.
[RFC3986]
Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, <https://www.rfc-editor.org/info/rfc3986>.
[RFC7595]
Thaler, D., Ed., Hansen, T., and T. Hardie, "Guidelines and Registration Procedures for URI Schemes", BCP 35, RFC 7595, DOI 10.17487/RFC7595, <https://www.rfc-editor.org/info/rfc7595>.
[RFC3987]
Duerst, M. and M. Suignard, "Internationalized Resource Identifiers (IRIs)", RFC 3987, DOI 10.17487/RFC3987, <https://www.rfc-editor.org/info/rfc3987>.
[RFC4033]
Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, DOI 10.17487/RFC4033, <https://www.rfc-editor.org/info/rfc4033>.
[MCPDNS]
Morrison, B., "Discovery of Model Context Protocol Servers via DNS TXT Records", <https://datatracker.ietf.org/doc/draft-morrison-mcp-dns-discovery/>.
[IDCOMMITS]
Morrison, B., "Identity-Attributed Git Commits via Tier-Structured Trailers", <https://datatracker.ietf.org/doc/draft-morrison-identity-attributed-commits/>.

10.2. Informative References

[RFC8615]
Nottingham, M., "Well-Known Uniform Resource Identifiers (URIs)", RFC 8615, DOI 10.17487/RFC8615, <https://www.rfc-editor.org/info/rfc8615>.
[IDACCORD]
Morrison, B., "Identity Accord Protocol", <https://datatracker.ietf.org/doc/draft-morrison-identity-accord/>.
[IDPRONOUNS]
Morrison, B., "Identity Pronouns: A Reference-Axis Extension to ~handle Identity Systems", <https://datatracker.ietf.org/doc/draft-morrison-identity-pronouns/>.
[POSIX-TILDE]
"IEEE Std 1003.1-2017, Shell Command Language, Section 2.6.1 Tilde Expansion", <https://pubs.opengroup.org/onlinepubs/9699919799/>.
[XDG-MIME]
"Shared MIME-info Database Specification", <https://specifications.freedesktop.org/shared-mime-info-spec/latest/>.
[LSHANDLERS]
"Apple URL Scheme Reference (CFBundleURLSchemes / LSHandlers)", <https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html>.

Appendix A. Change Log

A.1. draft-morrison-alter-uri-scheme-00

  • Initial submission. Upgrades the provisional registration recorded in [MCPDNS] Section 11.

Author's Address

Blake Morrison
Alter Meridian Pty Ltd
Cronulla, NSW
Australia