On Thu, Feb 14, 2019 at 2:20 PM, Wiktor Kwapisiewicz <[email protected]> wrote:
SASL EXTERNAL has some practical issues, like client certs being sent in cleartext [1] and the fact that for example Android requires lock screen to be on to add client certs to the store not to mention problems in browsers (browsers generally can do client certs but I'm not sure if any XMPP server would do client cert handshake over websockets).

[1] is solved via the ESNI extension (IETF I-D in progress).
[2] you can use your own certificate storage without relying on the Android library, and w.r.t. Web clients: adopting XMPP servers' implementation is the least of the problems.

I strongly advise going the well-established certificate way without re-inventing wheels just to solve momentary up-to-the-minute problems.

_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: [email protected]
_______________________________________________
