[Standards] LAST CALL: XEP-0368 (SRV records for XMPP over TLS)
travis at burtrum.org
Wed Feb 15 14:32:39 UTC 2017
On 02/15/2017 05:54 AM, Kim Alvefur wrote:
> As for security, I'm concerned that the added complexity of mixing
> STARTTLS and Direct TLS will lead to security problems. Doing it one way
> or the other has, as have been noted before, mostly equivalent security
> properties, but doing both seems to me like it gives us the most
> complexity. Making security related code more complicated for what
> amounts to an optimization does not strike me as the best idea.
Yes this is a fair point that I tried to address, and is why I specified:
"All security setup and certificate validation code SHOULD be shared
between the STARTTLS and direct TLS logic as well."
Because that's the most secure way to implement it, and how it is
implemented in Conversations.
More information about the Standards