Adding a description of stream commitment attacks in security section

draft-ietf-quic-transport.md

@@ -2699,46 +2699,44 @@ packets with ACK frames.
 
 ## Stream commitment attack
 
-An adversarial client may try to use the 
+An adversarial client may try to use the
 stream creation process to open a large
-number of streams and induce the server to 
+number of streams and induce the server to
 commit memory resource for the various
-streams. The adversarial client, or clients, would repeat the process on a 
+streams. The adversarial client, or clients, would repeat the process on a
 large number of connections, in an attempt to exhaust the server memory. This
 attack is in some ways similar to SYN flooding attack in TCP, in which the
-attackers try to exhaust a server memory by creating a large number of half 
+attackers try to exhaust a server memory by creating a large number of half
 open TCP connections. It is less potent than the SYN flooding attack, since
 stream creation is much lighter weight than the creation of TCP-IP connections,
-and stream control data presumably requires less 
+and stream control data presumably requires less
 memory resource than a TCP protocol
 control block. However, the attack can be amplified if the adversarial
 client can open multiple streams with a single message.
 
-Normally, clients will open streams sequentially, 
-as explained in {{stream-identifiers}}. 
+Normally, clients will open streams sequentially,
+as explained in {{stream-identifiers}}.
 However, when several streams are initiated at short intervals,
 transmission error may cause STREAM DATA frames opening streams to be
-received out of sequence. Some implementations will have provisions to 
+received out of sequence. Some implementations will have provisions to
 open all intermediate streams in case of out-of-sequence arrival. For example,
 a server that receive STREAM DATA for streams 3 and then 9 may decide to
-open stream 5 and 7 immediately. An adversarial client 
+open stream 5 and 7 immediately. An adversarial client
 would for example exploit that
-design by sending STREAM DATA for streams 3 and the 2,000,001, causing the 
+design by sending STREAM DATA for streams 3 and the 2,000,001, causing the
 server to open 1 million connections, and contributing to server resource
 exhaustion.
 
-The number of active streams is limited 
-by the concurrent stream limit transport 
-parameter, as explained in {{stream-concurrency}}. 
-If chosen judisciously, this limit 
-mitigates the effect of the stream commitment attack. 
+The number of active streams is limited
+by the concurrent stream limit transport
+parameter, as explained in {{stream-concurrency}}.
+If chosen judisciously, this limit
+mitigates the effect of the stream commitment attack.
 However, setting the limit
-too low could affect performance when 
+too low could affect performance when
 applications expect to open large number
 of streams.
 
-
-
 # IANA Considerations
 
 ## QUIC Transport Parameter Registry {#iana-transport-parameters}