[Last-Call] Re: Secdir last call review of draft-ietf-httpbis-zstd-window-size-01

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you for the review and feedback!

I filed an issue with some proposed text to add to the security considerations section. Suggestions are welcome :)

Best,
Nidhi

On Wed, Jul 31, 2024 at 2:59 AM Tim Hollebeek via Datatracker <noreply@xxxxxxxx> wrote:
Reviewer: Tim Hollebeek
Review result: Ready

This is rather unimportant, but I just wanted to mention it in case the authors
find it useful.  Feel free to ignore.

The document states that there are no new security considerations, but that's
perhaps not quite true. I think it might be useful to call out that an
implementation cannot rely on its peer behaving correctly, so implementers will
have to take into account they may still receive oversized frames from
misbehaving clients. This is arguably no different from the situation today, so
it can be argued that the current considerations are accurate.

I just thought it might be useful to call it out so some engineer doesn't
remove validation checks since the other side is supposed to behave now. Just
because we have standards, doesn't mean that everyone complies.
-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux