Comment by drdexebtjl

10 hours ago

It’s been an IETF Internet-Draft for a few years at this point, so there are some implementations already in the wild.

What I mean is that implementations are free to choose to do something as complex as what you suggest, but also something as simple as hashing the body as a blob, and they can even bail on caching completely (for example if the payload is too large).

All of those options would be correct behavior per the RFC.

Of course we may still see CVEs from this, but they will be self-inflicted, not caused by a complex standard.