Hi,
I think most of use can agree that TLS1.3 and tls-exporter is where we
want to end up at. I will likely modify the 'Require Channel Binding'
setting in Conversations to require that specific channel binding
instead of just any. However on the path toward that goal and to
provide good error messages in case client side requirements with
regards to channel binding are not met we need negotiation.
Furthermore I believe that even the weaker channel binding mechanisms
are better than not having them. It puts more hurdles into the
attackers way. Attackers aren’t always perfect. In the case of
jabber.ru it looked a lot like they were throwing vanilla proxy
software at the problem and not something specifically tailored to
break XMPP.
The other 'not really an attack' attack that even weak channel binding
can detect is when people for what ever reason install custom CA
certificates on the phone.
I agree that the current phrasing of the XEP with regards to
server-end-point is not the best.
cheers
Daniel