On 02/15/2017 05:54 AM, Kim Alvefur wrote: > As for security, I'm concerned that the added complexity of mixing > STARTTLS and Direct TLS will lead to security problems. Doing it one way > or the other has, as have been noted before, mostly equivalent security > properties, but doing both seems to me like it gives us the most > complexity. Making security related code more complicated for what > amounts to an optimization does not strike me as the best idea.
Yes this is a fair point that I tried to address, and is why I specified: "All security setup and certificate validation code SHOULD be shared between the STARTTLS and direct TLS logic as well." Because that's the most secure way to implement it, and how it is implemented in Conversations. _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
