Thank you for the review and feedback!
I filed an issue <https://github.com/httpwg/http-extensions/issues/2849> with
some proposed text to add to the security considerations section.
Suggestions are welcome :)
Best,
Nidhi
On Wed, Jul 31, 2024 at 2:59 AM Tim Hollebeek via Datatracker <
noreply@ietf.org> wrote:
> Reviewer: Tim Hollebeek
> Review result: Ready
>
> This is rather unimportant, but I just wanted to mention it in case the
> authors
> find it useful. Feel free to ignore.
>
> The document states that there are no new security considerations, but
> that's
> perhaps not quite true. I think it might be useful to call out that an
> implementation cannot rely on its peer behaving correctly, so implementers
> will
> have to take into account they may still receive oversized frames from
> misbehaving clients. This is arguably no different from the situation
> today, so
> it can be argued that the current considerations are accurate.
>
> I just thought it might be useful to call it out so some engineer doesn't
> remove validation checks since the other side is supposed to behave now.
> Just
> because we have standards, doesn't mean that everyone complies.
>