
Last Call Review of draft-ietf-httpbis-sfbis-05
review-ietf-httpbis-sfbis-05-secdir-lc-yee-2024-02-12-00

Request
Review of: draft-ietf-httpbis-sfbis
Requested revision: No specific revision (document currently at 06)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2024-02-12
Requested: 2024-01-29
Authors: Mark Nottingham, Poul-Henning Kamp
I-D last updated: 2024-02-12
Completed reviews:
  Genart Last Call review of -05 by Stewart Bryant
  Secdir Last Call review of -05 by Peter E. Yee

Assignment
Reviewer: Peter E. Yee
State: Completed
Request: Last Call review on draft-ietf-httpbis-sfbis by Security Area Directorate Assigned
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/5Tahu-Snz7uV0E-jGdJxX80u8ZQ
Reviewed revision: 05 (document currently at 06)
Result: Ready
Completed: 2024-02-12
This is a somewhat exhaustive (exhausting) specification for creating and
handling HTTP Structured Fields. There's nothing cryptographic in here nor is
the document overtly related to security. It's really about specifying the
fields and being able to serialize and parse them. To that extent, parsing
implementation tends to be the problem. This document calls out potential DoS
issues with enormous fields, not always being able to correctly fail to parse a
field, and Display String sanitization concerns. I've nothing to add on top of
that, so I deem the document Ready.