- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 10 May 2013 10:36:41 -0700
- To: James M Snell <jasnell@gmail.com>
- Cc: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 9 May 2013 10:26, James M Snell <jasnell@gmail.com> wrote: > Recommendation: Adding a short statement that a PROTOCOL_ERROR MUST be > returned if a frame contains more bytes than what is expressly > specified in the frame definition. That would prevent extension unnecessarily. And it doesn't do anything to improve security. When you want to harden security, you need to consider what equivalent options are available to an attacker. If I wanted to send you more data, then I will use DATA frames. Unless you can find a way to curtail DATA I see no reason to clamp down here.
Received on Friday, 10 May 2013 17:37:08 UTC