[Standards] LAST CALL: XEP-0368 (SRV records for XMPP over TLS)

Florian Schmaus flo at geekplace.eu
Tue Feb 14 09:35:20 UTC 2017


On 14.02.2017 09:37, Ruslan N. Marchenko wrote:
> On Mon, Feb 13, 2017 at 03:55:13PM -0600, Sam Whited wrote:
>> On Mon, Feb 13, 2017 at 3:43 PM, Ruslan N. Marchenko <me at ruff.mobi> wrote:
>>> I don't understand what we need to hide here by summoning port 5223 from
>>> oblivion.
>>
>> This is another reason why I think that privacy/security statement
>> needs to be removed; it just leads to this sort of confusion.
>>
>> I think we're *not* hiding anything here, we're just saving a few
>> round trips. That's the benefit I see to this XEP: If you know you're
>> using TLS, just start using it, why bother negotiating an upgrade?
>>
> Ok, perhaps it makes sense to save a roundtrip in some corner cases, but
> then again - if time is such a valuable commodity for this use case -
> why on earth would one do an SRV lookup, with its indefinite response time
> for recursive search and validation?

You can cache SRV RRs, but you can't avoid <starttls/> if it is the only
way to establish TLS.

I also don't think that the <starttls/> roundtrip avoidance is a corner
case. Nearly every mobile XMPP application wants to do that.

- Florian
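
Added example, not part of the original message or of the XEP text: a sketch of the point argued in this thread, that a cached SRV answer costs no further DNS wait while a STARTTLS-only candidate still pays its plaintext exchanges on every connection. The domain, record values, class and function names are constructed for illustration, and the round-trip count assumes the non-pipelined RFC 6120 negotiation.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Srv:
    service: str    # "_xmpps-client" = direct TLS, "_xmpp-client" = STARTTLS
    priority: int
    weight: int
    port: int
    target: str
    ttl: int        # seconds

# Constructed sample zone data for the placeholder domain example.org.
SAMPLE = {
    "_xmpps-client._tcp.example.org": [Srv("_xmpps-client", 5, 1, 5223, "xmpp.example.org", 3600)],
    "_xmpp-client._tcp.example.org": [Srv("_xmpp-client", 10, 1, 5222, "xmpp.example.org", 3600)],
}

class SrvCache:
    """TTL cache in front of a resolver callable (name -> list of Srv)."""
    def __init__(self, resolver, clock=time.monotonic):
        self.resolver, self.clock = resolver, clock
        self.entries, self.lookups = {}, 0

    def get(self, name):
        hit = self.entries.get(name)
        if hit and hit[0] > self.clock():
            return hit[1]                      # answered from cache, no DNS wait
        self.lookups += 1
        records = self.resolver(name)
        if records:
            self.entries[name] = (self.clock() + min(r.ttl for r in records), records)
        return records

def candidates(cache, domain):
    """Merge both record sets and order them as one (lowest priority first).
    Simplification: ties go to the higher weight, not RFC 2782's weighted random pick."""
    recs = cache.get(f"_xmpps-client._tcp.{domain}") + cache.get(f"_xmpp-client._tcp.{domain}")
    return sorted(recs, key=lambda r: (r.priority, -r.weight))

def plaintext_round_trips(rec):
    """Exchanges on the wire before the TLS handshake can start (no pipelining):
    STARTTLS needs stream header/features, then <starttls/>/<proceed/>."""
    return 0 if rec.service == "_xmpps-client" else 2

if __name__ == "__main__":
    cache = SrvCache(lambda name: SAMPLE.get(name, []))
    for _ in range(2):                         # second pass is served from cache
        for rec in candidates(cache, "example.org"):
            print(rec.target, rec.port, plaintext_round_trips(rec))
    print("resolver calls:", cache.lookups)
```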
