[Standards] component-s2s

Kevin Smith kevin.smith at isode.com
Wed Feb 4 21:29:10 UTC 2015


Hi folks, 
 I’m -1 on the component-s2s spec. I’ve been backwards and forwards a number of times on whether to use the veto or not, and I’m using it in the lightest sense.

I think we should have a wider discussion before we publish an experiment to replace the existing historical and ST component XEPs with this. If discussion leads to a generally positive results, that’s all I’ll need to accept it.

My current thoughts are that this is re-using S2S (good) but in such a way as to require special-casing anyway (reducing the utility of reuse), and that requiring the TLS auth and bidi makes the potential attack surface here a little higher than I’d like (bidi hasn’t had great success of successful implementations).

I can be shouted down on this one.

What are everyone’s thoughts?

/K


More information about the Standards mailing list