From bdae5772768bbbd142f58ac0be0ea2a807c2f25d Mon Sep 17 00:00:00 2001 From: David Baker Date: Tue, 16 Jan 2024 11:43:37 +0000 Subject: [PATCH] Add summary of security discussions --- proposals/3981-relations-recursion.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/proposals/3981-relations-recursion.md b/proposals/3981-relations-recursion.md index 914ee3a6..9a7ae79b 100644 --- a/proposals/3981-relations-recursion.md +++ b/proposals/3981-relations-recursion.md @@ -93,7 +93,11 @@ client to craft a set of events that would cause unreasonable load. ## Security considerations -Security considerations are discussed inline throughout this proposal. +Security considerations are discussed inline throughout this proposal. To summarise: + * Allowing a client to control recursion depth could allow a client to cause outsize + load on the server if the server doesn't check the recursion depth. + * Naive server implementations could allow a client to craft a set of events that would + cause high load. ## Examples
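Review bot: The two added bullets under "Security considerations" name the risks but not the mitigation a server implementer is expected to apply, so the summary cannot be read on its own. The first bullet ends with "if the server doesn't check the recursion depth", which only implies the requirement. I would state it directly, for example by adding that servers should enforce their own maximum depth regardless of the value the client supplies, using whatever normative wording the inline sections already use. The second bullet, "Naive server implementations could allow a client to craft a set of events that would cause high load", largely repeats the context sentence just above the heading ("client to craft a set of events that would cause unreasonable load") without saying what makes an implementation naive or what a non-naive one does. Either point to the section that describes this or add a clause saying what the server must bound. Two smaller wording points: the bullets use "outsize load" and "high load" where the surrounding text says "unreasonable load", and one term throughout would read better. The list also starts directly after the "To summarise:" line with no blank line, which some Markdown renderers fold into the paragraph.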