On Tue, 27 Sept 2022 at 08:39, Daniel Gultsch <dan...@gultsch.de> wrote:
> But I agree that it should be optional; I already said this in the ISR
> thread: There are plenty of scenarios where channel binding is not an
> option.

Before committing to this, some observations:

- HT-*-NONE is needed for cases where there's no TLS at all. These are
  rare, but there's legitimate cases where this is a sensible choice.
- Channel bindings can be used in cases where TLS is terminated in
  advance by either:
  - Using TLS Endpoint channel bindings, which merely mean the XMPP
    server needs to know the certificate which is to be used, or
  - Just going through the motions and blindly accepting the client's
    channel binding choice, perhaps most sensibly by again using
    tls-server-end-point

So I'm not *against* a HT-*-NONE, but I wonder if we should promote the
second bullet-point above the first?

Dave.