On Wed, 1 Jul 2020 at 10:41, Dave Cridland <[email protected]> wrote:
> > > On Tue, 30 Jun 2020 at 19:46, Kim Alvefur <[email protected]> wrote: > >> This does result in a number of different possible configurations. Not >> great for something security related. Personally I hope we might be able >> to phase out Dialback in the future. Today, largely thanks to Let's >> Encrypt, more and more servers have valid certificates. So, the Dialback >> code paths are more and more disused. >> >> My own server requires valid certificates and this is mosly an issue >> with certain XSF members (you know who you are). As a bonus, many >> unmaintained certificates with expired certificates that I am unable to >> establish s2s with appear to be sources of spam, which I am spared from. > > > Getting rid of the dialback syntax entirely depends on whether we want to > get rid of S2S multiplexing ("Piggybacking") or not. Also XEP-0288 depends > on the dialback syntax. > > Ooops - no, it doesn't. XEP-0288 is independent, so it's just multiplexing. > FWIW, there are deployments around which - for sensible reasons - do not > use TLS at all, and having dialback is a useful way of > providing authentication without TLS, though it's not clear to me they need > even the security of the actual dialback token verification. > > Dave. >
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
