4 Nov
2025
4 Nov
'25
5:10 a.m.
Hi Simon,
since tls-unique has known weaknesses:
https://datatracker.ietf.org/doc/html/rfc9266#section-1
That might be true, but all
reasonable implementations of TLS 1.2 nowadays use
the extended master secret. For example OpenSSL 1.1.0 released in August 2016.
So I'm inclined to consider this an issue fixed long ago.
and doesn't work with TLS 1.3, so tls-unique
requires TLS 1.2 which is
generally less secure than TLS 1.3.
Where do you take that from? Afaik TLS 1.2
isn't less secure than TLS 1.3 (but
a bit slower regarding connection establishment). But if you could provide
some pointers, I would be happy to be corrected.
-tmolitor
Daniel Gultsch <daniel(a)gultsch.de> writes:
> Hi,
>
> with my editor hat on please note that a new version of this XEP has
> been published that should address some of the concerns.
> Also with my editor hat on I’m taking the liberty to extend the LC by
> another week to give people time to review the new version.
>
> With my council hat on I’m considering the endpoint v exporter
> concerns addressed. This is both due to the new Business rules that
> clearly outline the benefits of a common (minimum) binding mechanism
> and due to some discussions that happened in the kitten WG. The
> (somewhat related) discussion on Kitten revolved around deprecating
> endpoint in favor exporter at which multiple people spoke out against
> this.
>
> cheers
> Daniel
> _______________________________________________
> Standards mailing list -- standards(a)xmpp.org
> To unsubscribe send an email to standards-leave(a)xmpp.org