target = "https://www.rfc-editor.org/rfc/rfc9000#section-21.7"

# 21.7.  Stream Fragmentation and Reassembly Attacks
#
# An adversarial sender might intentionally not send portions of the
# stream data, causing the receiver to commit resources for the unsent
# data.  This could cause a disproportionate receive buffer memory
# commitment and/or the creation of a large and inefficient data
# structure at the receiver.
# 
# An adversarial receiver might intentionally not acknowledge packets
# containing stream data in an attempt to force the sender to store the
# unacknowledged stream data for retransmission.
# 
# The attack on receivers is mitigated if flow control windows
# correspond to available memory.  However, some receivers will
# overcommit memory and advertise flow control offsets in the aggregate
# that exceed actual available memory.  The overcommitment strategy can
# lead to better performance when endpoints are well behaved, but
# renders endpoints vulnerable to the stream fragmentation attack.
# 
# QUIC deployments SHOULD provide mitigations for stream fragmentation
# attacks.  Mitigations could consist of avoiding overcommitting
# memory, limiting the size of tracking data structures, delaying
# reassembly of STREAM frames, implementing heuristics based on the age
# and duration of reassembly holes, or some combination of these.

[[spec]]
level = "SHOULD"
quote = '''
QUIC deployments SHOULD provide mitigations for stream fragmentation
attacks.
'''