Merge pull request #2850 from nidhijaju/security-note

Add note to security considerations
httpwg · Aug 6, 2024 · cf3e275 · cf3e275
2 parents 119f556 + 41802a2
commit cf3e275
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/draft-ietf-httpbis-zstd-window-size.md b/draft-ietf-httpbis-zstd-window-size.md
@@ -111,6 +111,10 @@ generate frames requiring a Window_Size larger than 8 MB (see
 This document introduces no new security considerations beyond those discussed
 in {{RFC8878}}.
 
+Note that decoders still need to take into account that they can receive
+oversized frames that do not follow the window size limit specified in this
+document and fail decoding when such invalid frames are received.
+
 # IANA Considerations
 
 ## Content Encoding {#zstd-iana-token}