Il 11/01/2013 17:40, Kevin Smith ha scritto:
On Fri, Jan 11, 2013 at 3:45 PM, Marco Cirillo <[email protected]> wrote:
I'd like to also point out, expecially how STARTTLS is handled xmpp wise,
that you can't know what gets implemented and what doesn't explicitly as
long as you don't have the software, it's code or the implemented thing
reaches "the wire" or worse, getting into a world of pointless assumptions.
And that's fine. The point is that if you're providing XMPP software,
you must support it - I can't go and buy an XMPP server implementation
from someone and it not have TLS support. Deploying without TLS is
acceptable from the protocol point of view, this doesn't make you
non-compliant. So in cases where the implementation is the deployment,
like Google's, there's no practical foul from a compliance PoV to them
not enabling/coding TLS.
Which isn't to say that we wouldn't like them to support TLS, or
indeed that they wouldn't like to support TLS.
/K
+1, it perhapas would be for the best if the <<RFC actually fully agreed
also>>, the current wording mixes up *support* with
*deployment/availability* (and that could lead/leads to "incidents").
Marco.
