On Wed, 14 Feb 2024 at 15:14, Peter Saint-Andre wrote:
> On 2/13/24 11:18 PM, Travis Burtrum wrote:
>
> > 5.
> > Ultra-minor nit: is BOSH needed or useful with websockets and upcoming
> > webtransport? legacy clients that don't support either of those won't
> > support this either, and will look
Maybe because QUIC is still experimental
QUIC was published as RFC 9000 almost 3 years ago.
I meant XMPP QUIC, which is still an experimental XEP :)
signature.asc
Description: PGP signature
___
Standards mailing list -- standards@xmpp.org
To
On 2/13/24 11:18 PM, Travis Burtrum wrote:
5.
Ultra-minor nit: is BOSH needed or useful with websockets and upcoming
webtransport? legacy clients that don't support either of those won't
support this either, and will look up bosh the old way.
Could we perhaps deprecate BOSH at this point?
On 2/13/24 11:30 PM, Stephen Paul Weber wrote:
2.
It mentions QUIC, and links to the XEP, but I don't see a way to
indicate a QUIC connection?
Maybe because QUIC is still experimental, so probably not ready to be
enshrined in an RFC, especially with WT coming.
QUIC was published as RFC
On Wed, 14 Feb 2024 at 06:18, Travis Burtrum wrote:
> Hi Dave!
>
> I've only briefly reviewed this so far, so please forgive if I've missed
> things, but I have some early comments:
>
> Major blocker I'm not sure can be addressed:
>
> 1.
> This essentially re-introduces the major security flaw
This essentially re-introduces the major security flaw that was addressed
in XEP-0156 by removing the TXT record, just with a warning.
Isn't this security flaw inherent to all possible discovery mechanisms for
browser-based connection with domain delegation? Unless you can somehow
trust the
Hi Dave!
I've only briefly reviewed this so far, so please forgive if I've missed
things, but I have some early comments:
Major blocker I'm not sure can be addressed:
1.
This essentially re-introduces the major security flaw that was
addressed in XEP-0156 by removing the TXT record, just
