[Standards] Proposed XMPP Extension: SRV records for XMPP over TLS

Peter Saint-Andre stpeter at stpeter.im
Wed Dec 9 18:32:07 UTC 2015


On 12/9/15 11:28 AM, Matthew Wild wrote:
> On 9 December 2015 at 17:50, Travis Burtrum <travis at burtrum.org> wrote:
>> On 12/09/2015 05:58 AM, Dave Cridland wrote:
>>> - The SRV label form probably ought to follow the precedent set by RFC
>>> 6186, even though I think that's uglier.
>>
>> I am fine with changing the SRV format from the current
>> _xmpp-client._tls/_xmpp-server._tls to
>> _xmpps-client._tcp/_xmpps-server._tcp instead.  That a single one is
>> chosen is really all that matters, we don't want a SIP scenario where
>> _sips._tcp is in the standard yet most clients look for _sip._tls so in
>> practice both have to be set...
>>
>> I'm not sure if it's appropriate to mention in this XEP, but I'd prefer
>> it be explicit somewhere that SSL is not acceptable, only TLS is, and
>> *preferably* TLSv1.2+?  _tls kind of implied that, xmpps doesn't seem as
>> strong to me.
>
> I think that's out of scope. As soon as TLS 1.2 is deprecated or
> deemed insecure, it would send this document out of date. However the
> mechanism described will remain valid for all versions, so I think it
> would be better for this spec to remain detached.
>
> RFC 6120 already references TLS 1.2, though I'm not sure if we have
> anything more concrete regarding TLS protocol versions. If we were to
> do that, it would make sense to put it on a parallel track to this
> protoXEP, because we'd also want the recommendations to apply equally
> to conventional starttls connections.

RFC 7590 updates RFC 6120 with respect to TLS:

https://datatracker.ietf.org/doc/rfc7590/

And it normatively references and profiles RFC 7525, which talks about 
TLS versions:

https://datatracker.ietf.org/doc/rfc7525/

Peter
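An added example, not from this thread or the ProtoXEP, showing how a client might merge the two SRV label forms under discussion (`_xmpps-client._tcp` for direct TLS, `_xmpp-client._tcp` for STARTTLS) into one RFC 2782-ordered connection list. The domain and records are constructed, and treating both labels as a single pool ranked by the operator's priorities is an assumption of this example, not something the draft is quoted as specifying.

```python
import random
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SrvRecord:
    label: str      # SRV owner-name prefix, e.g. "_xmpps-client._tcp"
    priority: int   # RFC 2782: lower value is tried first
    weight: int     # RFC 2782: relative share within the same priority
    port: int
    target: str


# Constructed sample records for a hypothetical domain (assumption, not from the thread).
DOMAIN = "example.org"
CONSTRUCTED_SRV: List[SrvRecord] = [
    SrvRecord("_xmpps-client._tcp", 5, 50, 5223, "tls1.example.org."),
    SrvRecord("_xmpps-client._tcp", 5, 50, 5223, "tls2.example.org."),
    SrvRecord("_xmpp-client._tcp", 10, 0, 5222, "xmpp.example.org."),
]


def zone_line(rec: SrvRecord, domain: str) -> str:
    """Render a record as the zone-file line an operator would publish."""
    return f"{rec.label}.{domain}. IN SRV {rec.priority} {rec.weight} {rec.port} {rec.target}"


def is_direct_tls(rec: SrvRecord) -> bool:
    """True for the _xmpps-* label form: TLS from the first byte, no STARTTLS."""
    return rec.label.startswith("_xmpps-")


def order_candidates(records: List[SrvRecord], rng: Optional[random.Random] = None) -> List[SrvRecord]:
    """Merge direct-TLS and STARTTLS records into one connection order.
    Assumption: both label forms form a single pool, so the operator's priorities
    decide which is tried first. Within a priority, RFC 2782 weighted selection is
    applied: zero-weight records first, then a random number in [0, total] is
    matched against running weight sums."""
    rng = rng or random.Random()
    by_priority: Dict[int, List[SrvRecord]] = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    ordered: List[SrvRecord] = []
    for prio in sorted(by_priority):
        pool = sorted(by_priority[prio], key=lambda r: r.weight != 0)
        while pool:
            n = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for rec in pool:
                running += rec.weight
                if running >= n:
                    break
            ordered.append(rec)
            pool.remove(rec)
    return ordered
```

With a single published label form, as Travis argues for, a client only needs one lookup; the merge above is what a client would do if an operator publishes both.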
