diff --git a/draft-ietf-httpbis-semantics-latest.xml b/draft-ietf-httpbis-semantics-latest.xml
index c23388c16..544bd933e 100644
--- a/draft-ietf-httpbis-semantics-latest.xml
+++ b/draft-ietf-httpbis-semantics-latest.xml
@@ -1650,10 +1650,13 @@ Content-Type: text/plain
opaque data.
- Field values containing control (CTL) characters such as
- CR or LF are invalid; recipients &MUST; either reject a field value
- containing control characters, or convert them to SP before processing or
- forwarding the message.
+ Field values containing CR or NUL characters are invalid and dangerous, due
+ to the varying ways that implementations might parse and interpret those characters;
+ a recipient of CR or NUL within a field value &MUST; either reject the message or
+ replace each of those characters with SP before further processing or forwarding
+ of that message. Field values containing other CTL characters are also invalid;
+ however, recipients &MAY; retain such characters for the sake of robustness if
+ they only appear within safe field value contexts (e.g., data not required by HTTP).
Leading and trailing whitespace in raw field values is removed upon field
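Review bot: The added sentence beginning "Field values containing CR or NUL characters" no longer names LF, which the removed text listed explicitly ("such as CR or LF"). As written, a bare LF inside a field value falls under "other CTL characters" that recipients MAY retain, although differing treatment of line terminators is the same parsing-divergence concern the sentence cites for CR and NUL. Suggest "CR, LF, or NUL" in both places, or a sentence explaining why LF is excluded from the MUST. Separately, "safe field value contexts" is defined only by the example "data not required by HTTP"; a forwarding intermediary cannot decide from that when retention is safe, so the condition would be better stated normatively.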
@@ -12976,7 +12979,7 @@ Content-Type: text/plain
()
- Clarify that control characters in field values are to be rejected or
+ Clarify that CR and NUL in field values are to be rejected or
mapped to SP.
()
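Review bot: "Clarify" in the changed line understates this entry. The body text it summarizes narrows the MUST to CR and NUL and adds a MAY for other CTL characters, which is a change in requirement rather than a clarification. Suggest rewording the entry so that it also states that other CTL characters may be retained in safe contexts, so that implementers who read only the summary of changes see the relaxation.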
@@ -13446,6 +13449,7 @@ Content-Type: text/plain
+ - In , relax prohibition of characters in field values to CR and NUL ()
- In , clarify that status code values outside the range 100..599 are invalid, and recommend error handling ()
- Avoid the term "whitelist" ()
- In , discuss extensibility ()
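Review bot: The added changelog line "relax prohibition of characters in field values to CR and NUL" can be read as relaxing the rule for CR and NUL themselves, which is the opposite of the change. Suggest wording along the lines of "limit the reject-or-replace requirement for field values to CR and NUL; other CTL characters may be retained", so the entry matches the new body text.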