Asides; fixes #4973

quicwg · Apr 26, 2022 · 512995c · 512995c
1 parent a639d78
commit 512995c
Showing 1 changed file with 15 additions and 14 deletions.
diff --git a/rfc9204.md b/rfc9204.md
@@ -1200,12 +1200,13 @@ This is possible even over the Transport Layer Security Protocol
 while TLS and QUIC provide confidentiality protection for content, they only
 provide a limited amount of protection for the length of that content.
 
-Note:
-
-: Padding schemes only provide limited protection against an attacker with these
-  capabilities, potentially only forcing an increased number of guesses to learn
-  the length associated with a given guess. Padding schemes also work directly
-  against compression by increasing the number of bits that are transmitted.
+<aside><t>
+Note: Padding schemes only provide limited protection against an attacker with
+these capabilities, potentially only forcing an increased number of guesses to
+learn the length associated with a given guess. Padding schemes also work
+directly against compression by increasing the number of bits that are
+transmitted.
+</t></aside>
 
 Attacks like CRIME ({{CRIME}}) demonstrated the existence of these general
 attacker capabilities. The specific attack exploited the fact that DEFLATE
@@ -1281,14 +1282,14 @@ re-encoded by an intermediary without knowledge of which entity constructed a
 given message, the intermediary could inadvertently merge compression contexts
 that the original encoder had specifically kept separate.
 
-Note:
-
-: Simply removing entries corresponding to the field from the dynamic table can
-  be ineffectual if the attacker has a reliable way of causing values to be
-  reinstalled. For example, a request to load an image in a web browser
-  typically includes the Cookie header field (a potentially highly valued target
-  for this sort of attack), and websites can easily force an image to be
-  loaded, thereby refreshing the entry in the dynamic table.
+<aside><t>
+Note: Simply removing entries corresponding to the field from the dynamic table
+can be ineffectual if the attacker has a reliable way of causing values to be
+reinstalled. For example, a request to load an image in a web browser typically
+includes the Cookie header field (a potentially highly valued target for this
+sort of attack), and websites can easily force an image to be loaded, thereby
+refreshing the entry in the dynamic table.
+</t></aside>
 
 ### Never-Indexed Literals