Hi folks, I’m -1 on the component-s2s spec. I’ve been backwards and forwards a number of times on whether to use the veto or not, and I’m using it in the lightest sense.
I think we should have a wider discussion before we publish an experiment to replace the existing historical and ST component XEPs with this. If discussion leads to a generally positive results, that’s all I’ll need to accept it. My current thoughts are that this is re-using S2S (good) but in such a way as to require special-casing anyway (reducing the utility of reuse), and that requiring the TLS auth and bidi makes the potential attack surface here a little higher than I’d like (bidi hasn’t had great success of successful implementations). I can be shouted down on this one. What are everyone’s thoughts? /K
