Re: Secdir last call review of draft-ietf-httpbis-zstd-window-size-01

Thank you for the review and feedback!

I filed an issue <https://github.com/httpwg/http-extensions/issues/2849> with
some proposed text to add to the security considerations section.
Suggestions are welcome :)

Best,
Nidhi

On Wed, Jul 31, 2024 at 2:59 AM Tim Hollebeek via Datatracker <noreply@ietf.org> wrote:

> Reviewer: Tim Hollebeek
> Review result: Ready
>
> This is rather unimportant, but I just wanted to mention it in case the
> authors find it useful.  Feel free to ignore.
>
> The document states that there are no new security considerations, but
> that's perhaps not quite true. I think it might be useful to call out that an
> implementation cannot rely on its peer behaving correctly, so implementers
> will have to take into account they may still receive oversized frames from
> misbehaving clients. This is arguably no different from the situation
> today, so it can be argued that the current considerations are accurate.
>
> I just thought it might be useful to call it out so some engineer doesn't
> remove validation checks since the other side is supposed to behave now.
> Just because we have standards, doesn't mean that everyone complies.
>

Received on Wednesday, 31 July 2024 02:01:34 UTC
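
The validation check the review asks implementers to keep, as an added example that is not part of the original thread or of the draft: a receiver reads the Window_Size a Zstandard frame header declares (RFC 8878 layout) and rejects the frame before allocating anything. The 8 MiB limit, the function names and the sample headers are assumptions constructed for illustration.

```python
import struct

ZSTD_MAGIC = 0xFD2FB528          # RFC 8878 frame magic, stored little-endian
MAX_WINDOW = 8 * 1024 * 1024     # assumed receiver limit; not stated in this thread


class FrameRejected(ValueError):
    """Raised when a frame header is malformed or declares too large a window."""


def declared_window_size(buf: bytes) -> int:
    """Return the Window_Size declared by the first zstd frame header in buf."""
    if len(buf) < 5 or struct.unpack_from("<I", buf)[0] != ZSTD_MAGIC:
        raise FrameRejected("not a zstd frame")
    fhd = buf[4]                                  # Frame_Header_Descriptor
    if fhd & 0x08:
        raise FrameRejected("reserved bit set")
    pos = 5
    if not fhd & 0x20:                            # Single_Segment_flag clear
        if len(buf) <= pos:
            raise FrameRejected("truncated header")
        wd = buf[pos]                             # Window_Descriptor
        base = 1 << (10 + (wd >> 3))              # exponent in bits 7-3
        return base + (base >> 3) * (wd & 0x07)   # mantissa in bits 2-0
    # Single segment: no Window_Descriptor, the window is Frame_Content_Size.
    pos += (0, 1, 2, 4)[fhd & 0x03]               # skip Dictionary_ID
    fcs_len = (1, 2, 4, 8)[fhd >> 6]
    if len(buf) < pos + fcs_len:
        raise FrameRejected("truncated header")
    fcs = int.from_bytes(buf[pos:pos + fcs_len], "little")
    return fcs + 256 if fcs_len == 2 else fcs     # 2-byte form is offset by 256


def check_frame(buf: bytes, max_window: int = MAX_WINDOW) -> int:
    """Validate before allocating: return the window size or raise."""
    size = declared_window_size(buf)
    if size > max_window:
        raise FrameRejected(f"window {size} exceeds limit {max_window}")
    return size


def sample_header(*tail: int) -> bytes:
    """Build a constructed frame header: magic followed by the given bytes."""
    return struct.pack("<I", ZSTD_MAGIC) + bytes(tail)

AT_LIMIT = sample_header(0x00, 0x68)                    # exponent 13: 8 MiB
OVER_LIMIT = sample_header(0x00, 0x70)                  # exponent 14: 16 MiB
SINGLE_SEG_16M = sample_header(0xA0, 0x00, 0x00, 0x00, 0x01)  # FCS = 16 MiB
```

This inspects only the first frame header; a stream can carry several frames, so the check applies to each one. A decoder built on libzstd can enforce the same bound through its `ZSTD_d_windowLogMax` parameter.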