On 08/05/2024 16.42, Florian Schmaus wrote:
On 08/05/2024 12.41, Marvin W wrote:
> To address your concerns I'd suggest the following changes to 0440:
> - Reduce tls-server-end-point to SHOULD for servers and MAY for clients, specifically mention that this is only for better compatibility.

I'd like to note that we previously explicitly decided[1] that requiring a common channel-binding type would increase security. And that type had to be tls-server-end-point, as it is generally available. That is why the XEP currently says that servers MUST support tls-server-end-point.
And now I also have the link to the thread with the motivation that there should be at least one common cb type:
https://web.archive.org/web/20221129011623/https://mail.jabber.org/pipermail/standards/2020-July/037610.html

(Thanks to travis for pointing out that the old ML archives are still available via archive.org)
Note that a probably relevant remark from Dave is that mandatory-to-implement does not automatically imply mandatory-to-deploy. :)
- Flow
