On Wed, 3 Aug 2022 at 16:19, Kim Alvefur <[email protected]> wrote: > On Wed, Aug 03, 2022 at 03:22:14PM +0200, Florian Schmaus wrote: > >Could you elaborate on why you believe that narrowing the XEPs scope > >(e.g., to STUN/TURN) would be a good idea? > > We don't need it for anything else. Since it is already widely deployed > and used, we can see that it is not used for anything else. While > someone might come up with alternate uses in the future, it is hard to > know if the requirements and especially the security considerations > still apply. It might not be flexible enough, despite its genericness, > to be used for anything, otherwise why did we need XEP-0363? As per > [rfc9170], unused extensibility is problematic if it is not used, which > may or may not be applicable here.
There is no implementation right now, but I am strongly considering support for authenticated HTTP proxies on the server side. The intention would be to allow clients to fetch media shared with them using HTTP links, but without trivially exposing their IP address to third parties (as happens today). Naturally this proxy service would need authentication, very similar to how STUN/TURN work already. I have long considered that XEP-0215 would be the appropriate mechanism for this. I still don't see any reason why it couldn't be, and therefore no reason to prematurely limit it to STUN/TURN. Regards, Matthew _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: [email protected] _______________________________________________
