On Tue, 30 Jun 2020 at 19:59, Holger Weiß <[email protected]> wrote:
> * Jonas Schäfer <[email protected]> [2020-06-30 17:59]: > > On behalf of the Council, I'd like to bring this pull request to the > attention > > of the community: > > > > https://github.com/xsf/xeps/pull/963 > > Wait, is this PR actually modifying the authentication step it intends > to change? I was assuming we're talking about XEP-0178, #3, step 7 (a), > where the spec tells the receiving server to close the connection if > initial certificate verification fails. The PR is instead changing step > 11 (b), where the receiving server checks the new stream's 'from' > against the certificate. > > I don't think that's the case, but it is certainly unclear. What it (attempts to, i think) say is that if the authorization identifier does not match, then... And it *also* says that the authorization identifier should be taken from the stream from, and that this ought to match any supplied during the EXTERNAL exchange itself. We should probably clarify this text, it *is* unclear, but I don't think this particular change makes it any less so. > Holger > _______________________________________________ > Standards mailing list > Info: https://mail.jabber.org/mailman/listinfo/standards > Unsubscribe: [email protected] > _______________________________________________ >
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
