kevin.smith at isode.com
Wed Feb 4 21:29:10 UTC 2015
I’m -1 on the component-s2s spec. I’ve been backwards and forwards a number of times on whether to use the veto or not, and I’m using it in the lightest sense.
I think we should have a wider discussion before we publish an experiment to replace the existing historical and ST component XEPs with this. If discussion leads to a generally positive results, that’s all I’ll need to accept it.
My current thoughts are that this is re-using S2S (good) but in such a way as to require special-casing anyway (reducing the utility of reuse), and that requiring the TLS auth and bidi makes the potential attack surface here a little higher than I’d like (bidi hasn’t had great success of successful implementations).
I can be shouted down on this one.
What are everyone’s thoughts?
More information about the Standards