14 Oct
2025
14 Oct
'25
5:01 a.m.
On Tue, 14 Oct 2025 at 09:03, Daniel Gultsch <daniel(a)gultsch.de> wrote:
Personally I see two ways forward. We scrap this XEP
or we remove
anything that recommends any binding mechanism over another. Basically
we keep the XEP as a way to signal what binding mechanism the server
supports and that’s it.
I'm in favour of the latter. I know opinions vary (strongly) about
whether 'tls-server-end-point' should be deployed by anyone ever, but
for as long as there could be multiple channel binding methods (now or
in the future) and we don't encode these in mechanism names (as SCRAM
doesn't) then I think we should have a way for the server to advertise
supported methods separately to SASL mechanisms, or we risk
interoperability issues.
Regards,
Matthew