On June 30, 2019 4:45:40 PM GMT+02:00, Sam Whited <[email protected]> wrote:
>On Sun, Jun 30, 2019, at 09:54, Dave Cridland wrote:
>> 1) It's not A/AAAA fallback "as per RFC 6120", because we're talking
>> about a Direct TLS fallback. It should be per section... erm...
>> 2) This document doesn't mention a A/AAAA fallback at all, and perhaps
>> that's right - do we ever want one with '368?
>> > Please comment on-list.
>
>I've been meaning to change my library to do its fallback a little
>differently, including trying direct TLS fallback A/AAAA fallback. DNS
>often doesn't use any sort of security measures, so to prevent DNS based
>downgrade attacks it seems best to me to always try direct TLS on the
>A/AAAA record, just as we always try StartTLS even if it's not
>advertised.

Just to be clear, in the same way as for xmpp-client, as per RFC 2782?

--
Cheers,

ralphm
