Dash-Industry-Forum / TAC

Token-based Authorization

Transfer through proxies #4

Open haudiobe opened 7 years ago

haudiobe commented 7 years ago

Submitter: Giri Mandyam

There is no assurance that this field will traverse proxies or middleboxes, particularly since TLS is not a requirement (at least not in this document). Sec. 3.2.1 of RFC 7230 allows for proxies to do this (“A proxy MUST forward unrecognized header fields unless the field-name is listed in the Connection header field (Section 6.1) or the proxy is specifically configured to block, or otherwise transform, such fields.”). Procedures to be taken in the case of dropped tokens are missing from this document.

edrthomas commented 7 years ago

Addressed in Security TF call 16-11-09

As mentioned in minutes, see accepted resolution for this issue.