Thanks for the rewrite! While I still think this is a lost opportunity to mandate 'tls-exporter' for the XMPP eco-system, I think the new text is reasonable and does encourage use of 'tls-exporter'.
This all still feels to me similar that we mandate DES or RC4 because there are some environments that doesn't implement AES. I think at some point, the reasonable reaction isn't to mandate DES/RC4 but to say "sorry, you really ought to change and use AES". But I also realize there are different view-points on this, and the text seems like a reasonable compromise. However, I suggest to drop 'or tls-unique' from this sentence: Tls-server-end-point was picked, because it is the lowest denominator that can be implemented by virtually everyone and even though it isn't as strong as tls-exporter or tls-unique, since tls-unique has known weaknesses: https://datatracker.ietf.org/doc/html/rfc9266#section-1 and doesn't work with TLS 1.3, so tls-unique requires TLS 1.2 which is generally less secure than TLS 1.3. Thus, I think that in some environments, even tls-server-end-point could be considered more secure than tls-unique. If people migrate away from tls-server-end-point, they should migrate to tls-exporter, and not consider tls-unique. I think the sentence gives the wrong impression regarding this. /Simon Daniel Gultsch <[email protected]> writes: > Hi, > > with my editor hat on please note that a new version of this XEP has > been published that should address some of the concerns. > Also with my editor hat on I’m taking the liberty to extend the LC by > another week to give people time to review the new version. > > With my council hat on I’m considering the endpoint v exporter > concerns addressed. This is both due to the new Business rules that > clearly outline the benefits of a common (minimum) binding mechanism > and due to some discussions that happened in the kitten WG. The > (somewhat related) discussion on Kitten revolved around deprecating > endpoint in favor exporter at which multiple people spoke out against > this. > > cheers > Daniel > _______________________________________________ > Standards mailing list -- [email protected] > To unsubscribe send an email to [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
