On 12/9/15 11:28 AM, Matthew Wild wrote:
On 9 December 2015 at 17:50, Travis Burtrum <[email protected]> wrote:
On 12/09/2015 05:58 AM, Dave Cridland wrote:
- The SRV label form probably ought to follow the precedent set by RFC
6186, even though I think that's uglier.
I am fine with changing the SRV format from the current
_xmpp-client._tls/_xmpp-server._tls to
_xmpps-client._tcp/_xmpps-server._tcp instead. That a single one is
chosen is really all that matters; we don't want a SIP scenario where
_sips._tcp is in the standard yet most clients look for _sip._tls, so in
practice both have to be set...
I'm not sure if it's appropriate to mention in this XEP, but I'd prefer
it be explicit somewhere that SSL is not acceptable, only TLS is, and
*preferably* TLSv1.2+? _tls kind of implied that; xmpps doesn't seem as
strong to me.
I think that's out of scope. As soon as TLS 1.2 is deprecated or
deemed insecure, it would send this document out of date. However, the
mechanism described will remain valid for all versions, so I think it
would be better for this spec to remain detached.
RFC 6120 already references TLS 1.2, though I'm not sure if we have
anything more concrete regarding TLS protocol versions. If we were to
do that, it would make sense to put it on a parallel track to this
protoXEP, because we'd also want the recommendations to apply equally
to conventional starttls connections.
RFC 7590 updates RFC 6120 with respect to TLS:
https://datatracker.ietf.org/doc/rfc7590/
And it normatively references and profiles RFC 7525, which talks about
TLS versions:
https://datatracker.ietf.org/doc/rfc7525/
Peter
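Added example (not from the thread or from any XSF project) showing how a client would act on the points raised above: the two SRV label forms being compared, RFC 2782 ordering of the answers, and a direct-TLS client context that refuses anything below TLS 1.2 and verifies the certificate against the XMPP domain rather than the SRV target. The function names and the SRV records are constructed for illustration; only the label strings come from the thread.

```python
import random
import socket
import ssl
from dataclasses import dataclass

# The draft's "_tls" labels versus the RFC 6186-style form preferred in the thread.
SRV_LABELS = {
    "draft": {"client": "_xmpp-client._tls", "server": "_xmpp-server._tls"},
    "rfc6186": {"client": "_xmpps-client._tcp", "server": "_xmpps-server._tcp"},
}

@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str  # "." means the service is not offered (RFC 2782)

def srv_name(domain: str, role: str = "client", form: str = "rfc6186") -> str:
    """Owner name to query, e.g. _xmpps-client._tcp.example.net."""
    return f"{SRV_LABELS[form][role]}.{domain}"

def order_srv(records, rng=random.random):
    """RFC 2782 ordering: lowest priority first; within a priority, weighted
    random selection. rng is injectable so the order is testable."""
    records = [r for r in records if r.target != "."]
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            threshold, running = rng() * sum(r.weight for r in group), 0
            for chosen in group:
                running += chosen.weight
                if running >= threshold:
                    break
            ordered.append(chosen)
            group.remove(chosen)
    return ordered

def xmpps_tls_context() -> ssl.SSLContext:
    """Direct-TLS client context: verification on, SSLv2/3 excluded, TLS 1.2 floor."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def connect_xmpps(domain: str, record: SrvRecord) -> ssl.SSLSocket:
    """Connect to the SRV target, but present and verify the XMPP domain as the
    reference identifier (RFC 6120/6125), not the target hostname."""
    raw = socket.create_connection((record.target, record.port), timeout=10)
    return xmpps_tls_context().wrap_socket(raw, server_hostname=domain)
```

Only connect_xmpps touches the network; the lookup of the SRV records themselves is left to whatever resolver library the client already uses.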
_______________________________________________
Standards mailing list
Info: http://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________