Last Call Review of draft-ietf-httpbis-sfbis-05
review-ietf-httpbis-sfbis-05-secdir-lc-yee-2024-02-12-00
Section | Field | Value |
---|---|---|
Request | Review of | draft-ietf-httpbis-sfbis |
Request | Requested revision | No specific revision (document currently at 06) |
Request | Type | Last Call Review |
Request | Team | Security Area Directorate (secdir) |
Request | Deadline | 2024-02-12 |
Request | Requested | 2024-01-29 |
Request | Authors | Mark Nottingham, Poul-Henning Kamp |
Request | I-D last updated | 2024-02-12 |
Request | Completed reviews | Genart Last Call review of -05 by Stewart Bryant; Secdir Last Call review of -05 by Peter E. Yee |
Assignment | Reviewer | Peter E. Yee |
Assignment | State | Completed |
Assignment | Request | Last Call review on draft-ietf-httpbis-sfbis by Security Area Directorate Assigned |
Assignment | Posted at | https://mailarchive.ietf.org/arch/msg/secdir/5Tahu-Snz7uV0E-jGdJxX80u8ZQ |
Assignment | Reviewed revision | 05 (document currently at 06) |
Assignment | Result | Ready |
Assignment | Completed | 2024-02-12 |
review-ietf-httpbis-sfbis-05-secdir-lc-yee-2024-02-12-00
This is a somewhat exhaustive (exhausting) specification for creating and handling HTTP Structured Fields. There's nothing cryptographic in here nor is the document overtly related to security. It's really about specifying the fields and being able to serialize and parse them. To that extent, parsing implementation tends to be the problem. This document calls out potential DoS issues with enormous fields, not always being able to correctly fail to parse a field, and Display String sanitization concerns. I've nothing to add on top of that, so I deem the document Ready.