From 346a96c3cae1917224038de77363e88d0bdac804 Mon Sep 17 00:00:00 2001
From: Eric Anderson
Date: Wed, 15 Jun 2022 09:12:30 -0700
Subject: [PATCH 1/2] api: Explain security constraints of ATTR_AUTHORITY_OVERRIDE

Half of the text was copied from NameResolver.getServiceAuthority(). However, that method can't perform I/O (which would block) so more text was appropriate here to mention the implications of having a remote service provide the authority. I noticed the text was lacking while discussing #9266.
---
 api/src/main/java/io/grpc/EquivalentAddressGroup.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api/src/main/java/io/grpc/EquivalentAddressGroup.java b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
index 915907d64b4..4a260f62f6e 100644
--- a/api/src/main/java/io/grpc/EquivalentAddressGroup.java
+++ b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
@@ -40,6 +40,11 @@ public final class EquivalentAddressGroup {
  * However, if the channel has overridden authority via
  * {@link ManagedChannelBuilder#overrideAuthority(String)}, the transport will use the channel's
  * authority override.
+ *
+ *

The authority must be from a trusted source, because if the authority is
+ * tampered with RPCs may be sent to attackers which may leak sensitive user data. If the
+ * authority was acquired by doing I/O, the communication must be authenticated (e.g., via TLS).
+ * Recognize that the server that provided the authority can trivially impersonate the service.
  */
  @Attr
  @ExperimentalApi("https://github.com/grpc/grpc-java/issues/6138")

From da5e905bd7ce6cc9cfc793e50c8f860be84eb219 Mon Sep 17 00:00:00 2001
From: Eric Anderson
Date: Wed, 22 Jun 2022 12:34:34 -0700
Subject: [PATCH 2/2] Comma

---
 api/src/main/java/io/grpc/EquivalentAddressGroup.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/io/grpc/EquivalentAddressGroup.java b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
index 4a260f62f6e..969c82e010b 100644
--- a/api/src/main/java/io/grpc/EquivalentAddressGroup.java
+++ b/api/src/main/java/io/grpc/EquivalentAddressGroup.java
@@ -42,7 +42,7 @@ public final class EquivalentAddressGroup {
  * authority override.
  *
  *
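Review bot: The new paragraph's "must be authenticated (e.g., via TLS)" understates the requirement: a TLS connection only vouches for the source of the authority when the client actually verifies the peer's certificate and hostname, so the example should say so, e.g. `* authority was acquired by doing I/O, the communication must be authenticated (e.g., via TLS with` / `* server certificate and hostname verification).`. It would also help readers to state why a tampered value is so severe: if, as the surrounding text suggests, the override is what the transport places in :authority and checks the server certificate against, then a tampered authority defeats server authentication on the data channel rather than merely misrouting requests; this is inferred from the Javadoc and should be confirmed against the transport before being written down. The enclosing Javadoc block starts above the hunk.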

The authority must be from a trusted source, because if the authority is
- * tampered with RPCs may be sent to attackers which may leak sensitive user data. If the
+ * tampered with, RPCs may be sent to attackers which may leak sensitive user data. If the
  * authority was acquired by doing I/O, the communication must be authenticated (e.g., via TLS).
  * Recognize that the server that provided the authority can trivially impersonate the service.
  */