On Mon, 2015-11-09, at 17:33 -0500, Travis Burtrum wrote:
> That seems like a ridiculous question to me. If not, why even bother
> with STARTTLS/TLS in the first place? It *could* be used for
> circumventing security policies after all.

Your own words from the XEP:

"at least equal and perhaps increased security and privacy over using STARTTLS. It also provides an easy way for clients to bypass restrictive firewalls that only allow HTTPS, and for servers to host multiple protocols/services on a single port"

I'm pointing out that:

- designing to bypass security policies may not be well-received reasoning
- hosting multiple protocols on a single port is the job of a protocol-level multiplexer
- standard _tcp records are just fine here
- if your admin wants to block you at the protocol level (not simple port blocking), it is just as "trivial" to target DNS, ALPN etc. as to target XMPP protocol blocking

Could you elaborate on how TLS instead of STARTTLS may perhaps increase security, as this is not clear to me?

--
/o__ (_<^' The heart is not a logical organ.
