Another use case of tls-server-end-point is for cases where you are unable to support tls-exporter, i.e. in some languages the TLS/SSL stack doesn’t expose the data required for tls-exporter. In those cases it is better to have tls-server-end-point for channel binding instead of not having anything available.

Message written by Holger Weiß <holger@zedat.fu-berlin.de> on 11.01.2024, at 13:39:

* Simon Josefsson <simon@josefsson.org> [2024-01-11 13:10]:
I believe tls-server-end-point is generally best left unimplemented to
guide efforts towards supporting the stronger tls-exporter.

One use case I see for tls-server-end-point is that it allows for supporting channel binding by setups where TLS is terminated by some reverse proxy, thereby protecting against _some_ but not all attack vectors that tls-exporter protects against.

Holger
_______________________________________________
Standards mailing list -- standards@xmpp.org

Regards,
Andrzej Wójcik

XMPP: andrzej.wojcik@tigase.org
Email: andrzej.wojcik@tigase.net