I understand that: the problem is that in this example, it is, so the problem is obviously somewhere else — that's what we should explore.
Is it just that the RFC has not been read properly? Maybe, but even if it was, I do not think having precisely defined behaviour in RFCs is sufficient: real world implementations have to be more flexible due to other buggy implementations they interact with.
I mean, I was pointing out one in a chain of security failures reverse proxies have had. I could probably point out 20-30 other ones that have cropped up. Adding the binary complexity to H2 has really increased the number of these coming.