(registered 2026-05-11, last updated 2026-05-20)

Scheme name: cttps

Status: Provisional

Syntax:
The syntax of the 'cttps' URI scheme is identical to the 'https' URI scheme syntax as defined in RFC 9110, Section 4.2.2.

cttps-URI = "cttps:" "//" authority path-abempty [ "?" query ] [ "#" fragment ]

Applicable scheme semantics:
The 'cttps' URI scheme denotes a secure variant of the Hypertext Transfer Protocol (HTTP) in which the underlying transport mandates a zero-trust, ephemeral cryptographic handshake with strict transcript binding. The semantics of HTTP requests and responses remain identical to HTTP over TLS.

Encoding considerations:
Identical to the encoding considerations for the 'https' URI scheme specified in RFC 9110.

Security considerations:
Implementations of the 'cttps' scheme must adhere to a baseline zero-trust security architecture designed to mitigate man-in-the-middle (MITM) and handshake-modification attacks.

1. Handshake Transcript Hashing: Both the client and the server must maintain a running transcript of the entire initial exchange and compute a SHA-256 hash over the concatenation of the client's ephemeral public key (pk_C) and the server's ephemeral public key (pk_S).

2. HKDF-SHA256 Key Derivation: Implementations must not use raw shared secrets for session encryption. The raw X25519 shared secret (ss) produced by Elliptic Curve Diffie-Hellman must be passed as the Input Keying Material (IKM) to HKDF-SHA256. The Handshake Transcript Hash must be supplied as the 'info' parameter of the HKDF expand phase, so that the resulting symmetric session keys are cryptographically bound to the unmodified handshake.

3. MITM and Tamper Detection: Symmetric session encryption must use Authenticated Encryption with Associated Data (AEAD). Any alteration of the handshake transcript or of the public keys results in divergent session keys, so the first AEAD-encrypted frame fails its integrity check. Any such integrity failure must result in immediate connection termination to prevent information leakage.

Proxying considerations:
Identical to 'https' proxying, routing and encapsulation.

Contact: Saso Ahmed NotDreamPVP&gmail.com

Change controller: Saso Ahmed

References: N/A
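A worked version of security considerations 1 to 3, added here as an example and not part of the registration or of any cttps implementation. It assumes AES-256-GCM as the AEAD, a zero HKDF salt, a 32-byte session key and the function names used below, none of which the registration fixes, and it models a single-bit change to pk_S that only the client sees.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T { // only for failures of a broken runtime (CSPRNG, AES setup)
	if err != nil {
		panic(err)
	}
	return v
}

// sessionAEAD is steps 1-3 from one peer's view; peerPub, pkC and pkS are the bytes it saw on the wire.
func sessionAEAD(priv *ecdh.PrivateKey, peerPub, pkC, pkS []byte) (cipher.AEAD, error) {
	ss, err := priv.ECDH(must(ecdh.X25519().NewPublicKey(peerPub)))
	if err != nil { // low-order peer point: the handshake must abort
		return nil, err
	}
	transcript := sha256.Sum256(append(append([]byte{}, pkC...), pkS...))
	// HKDF-SHA256 (RFC 5869), zero salt: PRK = HMAC(0, ss); key = T(1) = HMAC(PRK, transcript || 0x01).
	ext := hmac.New(sha256.New, make([]byte, sha256.Size))
	ext.Write(ss)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(transcript[:])
	exp.Write([]byte{1})
	return cipher.NewGCM(must(aes.NewCipher(exp.Sum(nil))))
}

// FirstFrameVerifies runs one handshake and reports whether the first AES-256-GCM frame from client to
// server passes the server's check. flip is XORed into pk_S as delivered to the client only (0 = unmodified).
func FirstFrameVerifies(flip byte) bool {
	cPriv, sPriv := must(ecdh.X25519().GenerateKey(rand.Reader)), must(ecdh.X25519().GenerateKey(rand.Reader))
	pkC, pkS := cPriv.PublicKey().Bytes(), sPriv.PublicKey().Bytes()
	pkSAtClient := append([]byte{pkS[0] ^ flip}, pkS[1:]...) // the client's copy of pk_S
	client := must(sessionAEAD(cPriv, pkSAtClient, pkC, pkSAtClient))
	server := must(sessionAEAD(sPriv, pkC, pkC, pkS)) // pk_C arrived unmodified
	nonce := make([]byte, client.NonceSize()) // constructed: frame counter 0 for the first frame
	frame := client.Seal(nil, nonce, []byte("GET / HTTP/1.1\r\n"), nil)
	_, err := server.Open(nil, nonce, frame, nil)
	return err == nil // a failure here must terminate the connection
}

func main() { fmt.Println("clean:", FirstFrameVerifies(0), "tampered:", FirstFrameVerifies(1)) }
```

The keys diverge only when the two genuine peers hold different transcripts; the registration does not say how pk_S is authenticated, so an implementation still needs that step, since a relay that completes its own handshake with each side presents each of them with a consistent transcript.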