On Mon, Feb 13, 2017 at 03:55:13PM -0600, Sam Whited wrote: > On Mon, Feb 13, 2017 at 3:43 PM, Ruslan N. Marchenko <[email protected]> wrote: > > I don't understand what do we need to hide here by summoning port 5223 from > > the oblivion. > > This is another reason why I think that privacy/security statement > needs to be removed; it just leads to this sort of confusion. > > I think we're *not* hiding anything here, we're just saving a few > round trips. That's the benefit I see to this XEP: If you know you're > using TLS, just start using it, why bother negotiating an upgrade? > Ok, perhaps it makes sense to save a roundtrip on some corner cases but then again - if time is such a valuable commodity for this use case - why on earth would one do SRV lookup with its indefinite response time for recursive search and validation?
There's no overhead in implementation - calls to secure socket and restart stream are all there, this xep just arranges them in different order, while adding one more negothiation method and service definition. > I understand that not everyone needs to save these round trips, but I > see that as the primary benefit of this XEP for people who do need to > save it; trying to frame it as a security thing will just confuse > people or make them think that the existing STARTTLS stuff is "bad" > somehow. > > —Sam > _______________________________________________ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: [email protected] > _______________________________________________ _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
