On Wed, 24 Aug 2022 at 07:56, Daniel Gultsch <dan...@gultsch.de> wrote:
> And yes we are currently implementing it. That's why I’m providing > feedback on the XEP. And yes we are using it with compression and yes > we do terminate TLS early and can’t use HT-* and yes we use PLAIN for > regular logins too and therefor we don’t have an issue with the > "downgrade" in security. > > Just on the TLS early termination, could you still support tls-server-end-point, which (IIRC) doesn't need anything but a static configuration of the server's certificate? It's also a SHOULD, I saw, in XEP-0440 - I'd be inclined to raise that to a MUST, even though I prefer tls-exporter if possible, because it's very easy to support. Assuming, of course, that any form of channel binding is possible. Dave.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
