[Standards] Advance XEP-0368 to Proposed

Kim Alvefur zash at zash.se
Tue Jan 24 13:08:36 UTC 2017

On Thu, Jan 19, 2017 at 03:19:12PM -0500, Travis Burtrum wrote:
> I am proposing advancing XEP-0368 from Experimental to Proposed, and the
> XSF MUC said to do this by sending an email to the standards list.
> https://xmpp.org/extensions/xep-0368.html
> Any thoughts?

> TLS provides more security than STARTTLS if RFC 7590 [4] is not
> followed, as it isn't subject to STARTTLS stripping.

I strongly object to this. "Direct" TLS and STARTTLS is exactly
equivalent security-wise. In the absence of DNSSEC, you can just as well
strip the SRV records that point to the "direct" TLS port, and you can
attempt STARTTLS even if the advertising is stripped, or give up and
throw a security exception.

I assert that this is only an optimization that lets you skip a few
round trips.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.jabber.org/pipermail/standards/attachments/20170124/d5efd950/attachment.sig>

More information about the Standards mailing list