[Standards] Re: LAST CALL: XEP-0440 (SASL Channel-Binding Type Capability)

On Tue, Oct 14, 2025 at 9:21 AM Daniel Gultsch <daniel(a)gultsch.de> wrote: Honestly I think we have been sitting on this XEP for so long that it has outlived it’s usefulness in many ways. In practice most implementations will just do tls-exporter over TLS1.3. Library support for that has been improved since this XEP was first proposed. tls-unique on the other hand has security issues and (AFAIK can not even be implemented on iOS for example) I‘m also reasonably sure that any deployment large enough to do TLS termination can figure out how to transfer the exporter bytes to the backend. Personally I see two ways forward. We scrap this XEP or we remove anything that recommends any binding mechanism over another. Basically we keep the XEP as a way to signal what binding mechanism the server supports and that’s it. cheers Daniel