- From: Peter Yee via Datatracker <noreply@ietf.org>
- Date: Mon, 12 Feb 2024 17:02:24 -0800
- To: <secdir@ietf.org>
- Cc: draft-ietf-httpbis-sfbis.all@ietf.org, ietf-http-wg@w3.org, last-call@ietf.org
Reviewer: Peter Yee Review result: Ready This is a somewhat exhaustive (exhausting) specification for creating and handling HTTP Structured Fields. There's nothing cryptographic in here nor is the document overtly related to security. It's really about specifying the fields and being able to serialize and parse them. To that extent, parsing implementation tends to be the problem. This document calls out potential DoS issues with enormous fields, not always being able to correctly fail to parse a field, and Display String sanitization concerns. I've nothing to add on top of that, so I deem the document Ready.
Received on Tuesday, 13 February 2024 01:02:30 UTC