4 Nov
2025
4 Nov
'25
5:19 a.m.
Thilo Molitor <thilo(a)eightysoft.de> writes:
Granted, this isn't a binary "full security" or "no security"
difference, but a balance, but still I would put up a red flag at anyone
chosing TLS 1.2 while rejecting TLS 1.3. Some references:
https://tolumichael.com/is-tls-1-2-deprecated-key-difference-from-tls-1-3/
https://software.land/tls-1.2-vulnerability/
https://developer.mozilla.org/en-US/docs/Web/Security/Transport_Layer_Secur…
/Simon
and
doesn't work with TLS 1.3, so tls-unique requires TLS 1.2 which is
generally less secure than TLS 1.3.
Where do you take that from? Afaik TLS 1.2
isn't less secure than TLS 1.3 (but
a bit slower regarding connection establishment). But if you could provide
some pointers, I would be happy to be corrected. -tmolitor
Daniel Gultsch <daniel(a)gultsch.de> writes:
> Hi,
>
> with my editor hat on please note that a new version of this XEP has
> been published that should address some of the concerns.
> Also with my editor hat on I’m taking the liberty to extend the LC by
> another week to give people time to review the new version.
>
> With my council hat on I’m considering the endpoint v exporter
> concerns addressed. This is both due to the new Business rules that
> clearly outline the benefits of a common (minimum) binding mechanism
> and due to some discussions that happened in the kitten WG. The
> (somewhat related) discussion on Kitten revolved around deprecating
> endpoint in favor exporter at which multiple people spoke out against
> this.
>
> cheers
> Daniel
> _______________________________________________
> Standards mailing list -- standards(a)xmpp.org
> To unsubscribe send an email to standards-leave(a)xmpp.org
_______________________________________________
Standards mailing list -- standards(a)xmpp.org
To unsubscribe send an email to standards-leave(a)xmpp.org