On February 11, 2022 3:48:47 AM GMT+01:00, Peter Saint-Andre wrote:
> but that raises the issue of whether we should still
> recommend BOSH, since it was a pre-websockets workaround for long polling.
The Peertube webchat plugin uses BOSH because IIRC it has to run in an iframe
and can
Hi all,
I went ahead and removed the DNS method from XEP-0156 instead, and
updated the security considerations and business rules to explain that
TLS should always be used and what to send in SNI and what to look for
in the certificates.
Please let me know if anyone has concerns with this.
Thank you Travis for taking the time to make individual reports for
each implementation. I fixed it in xmpp.js 0.13.1.
If that works for everybody - I'm happy to remove BOSH / and XEP-0156
from XMPP Compliance Suites 2022.
If someone disagrees please come up with a different solution than
Co-author of XEP-0156 here.
Thanks for raising this issue.
I would go even farther and note that DNS TXT records were never a great
idea for this functionality (they're actively discouraged in the DNS
community for application-level uses like this).
On 2/9/22 4:29 PM, Travis Burtrum wrote:
PR implementing my proposal https://github.com/xsf/xeps/pull/1158
___
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
___
Issues I know about right now:
https://github.com/processone/docs.ejabberd.im/issues/113
https://github.com/JustOxlamon/TwoRatChat/issues/2
https://github.com/poVoq/converse_wp/issues/2
https://github.com/BombusMod/BombusMod/issues/130
Hi all,
The long story short is (outside of DNSSEC) it's impossible to use
_xmppconnect TXT records to securely connect to BOSH or WebSockets.
Every client I've been able to find that supported this is vulnerable to
trivial MITM (Man-In-The-Middle) via DNS spoofing. If you have a client