On 2/10/21 10:10 AM, Dave Cridland wrote:
(Sorry, I'm replying slowly, having to carve out time at the moment).On Wed, 3 Feb 2021 at 17:34, Sonny Piers <[email protected] <mailto:[email protected]>> wrote:__ I agree with the points raised, but I suggest we forget about public deployments, looks like the only valid use case for this proposal is to have default endpoints for non-public facing services (CI, localhost, development, ...)So are you suggesting these are formally scoped for default values for non-production environments?The XEP is a recommendation for server to default to `ws://service:5280/xmpp-websocket` and `wss://service:5443/xmpp-websocket` instead of current arbitrary endpoints.And this would be for a CI, test, etc deployment only? So if a server has a "test mode", it would run like this, as opposed to a "production mode" where it disables unencrypted connections by default, etc?
Those questions probably indicate that my idea of the "implicit websocket endpoints" ProtoXEP was misunderstood. Which means that this should be clarified in the ProtoXEP.
Do not think about it as "the server/service has to provide those endpoints", but instead of "clients may want to try, depending on their policy, those implicit endpoints (in case none where discovered)".
If a server provides unencrypted connectivity, and if a client wants to make use of it, is always decided by the server/client itself. No XEP should mandate unencrypted connections.
- Florian
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
