Quoting XEP-0219:
> As a user, I may want to know three things:
> 1. If my connection to my server is encrypted.
> 2. If my server's connection to my contact's server is encrypted.
> 3. If my contact's connection to their server is encrypted.
I'd add a fourth item:
4. If my server's encrypted connections with my contact's server go down
and are replaced by unencrypted connections.
This could occur, for example, if a man-in-the-middle disrupts the
communication channels and then removes the <starttls/> elements from
the servers' subsequent attempts to reconnect.
At first glance this is harder to implement, but without it AFAICT
hop-check isn't secure (even if you trust the servers).
Servers could implement this by remembering all the servers they have
connected securely to and never again accepting insecure connections
with those servers. That way they would never have to inform their
clients about the change in circumstances.
Or we could add a requirement to XEP-0219 that all servers supporting
Hop Check MUST in all cases employ server-2-server connections only if
they are encrypted.
In fact perhaps that requirement could be included in RFC 3920bis?
- Ian
