> 3. Start TLS in Basic. (In fact this is required by RFC 3920 so I don't 
> understand the confusion.)

Strictly speaking, TLS is a 'SHOULD' in RFC 3920, not a 'MUST', thus TLS 
is a 'Recommended', not a 'Required' in Basic Client 2008 (XEP 0211).

> 1. Stream Compression (XEP-0138) in the Basic levels. (ISTM that this should 
> not be necessary, since Transport Layer Security includes a compression 
> option and there should be support for it in common SSL libraries.)

For both TLS and Compression, I'm in favour of them being 'Recommended' in 
Basic Client 2008, 'Required' in Basic Server 2008, and a 'Required' in a 
future Basic Client 2010.

Since Servers take a while to be upgraded compared to the average IM 
client, this will give the server infrastructure time to properly support 
server-to-client encryption and compression.  It will also allow some IM 
clients, which currently do not support these features, to share in the 
marketing advantage of claiming 'Compliant with XMPP Basic Client 

Once they, being the IM Client developers, have signed onto the shiny icon 
bandwagon with a low entry bar, self-interest in having the same shiny 
icon as everyone else will ensure that their Client supports TLS and 
Compression when they become 'Required' in XMPP Basic Client 2010
('A Jabber Odyssey').

> 2. JID Escaping (XEP-0106) in the Basic levels. (This seems like a good idea 
> to me.)

See above.  Keep Basic Client 2008 relatively Basic, get them addicted, 
add features with each new edition of shiny icons and the developers will 
happily keep up.

> 3. Removing Entity Capabilities from the Basic levels. (Lots of objections on 
> the list, the main argument in favor is that there are some reputed security 
> concerns w.r.t. poisoning, but IMHO if you follow the spec these are not very 
> threatening. But the spec could be beefed up in this regard if desired.)

