[Standards] Call for Experience: XEP-0368: SRV records for XMPP over TLS
sam at samwhited.com
Tue Feb 11 19:34:33 UTC 2020
On Tue, Feb 11, 2020, at 11:29, Jonas Schäfer wrote:
> 1. What software has XEP-0368 implemented?
I have implemented this in my XMPP library which is used by several
small clients, bots, and notification services. The documentation for
the relevant package (and links to the source) can be found at:
> 2. Have developers experienced any problems with the protocol as
> defined in XEP-0368? If so, please describe the problems and, if
> possible, suggested solutions.
I have experienced the same problems Philipp mentioned and am ignoring
these parts of the spec. Because of this, I think the SRV record mixing
needs to be fixed before this specification is allowed to move forward.
> 3. Is the text of XEP-0368 clear and unambiguous?
In the glossary definition for "Direct TLS" the definition is oddly
phrased. "like how HTTPs works" both sounds odd to me grammatically, and
it is unclear what it means unless you understand HTTPS which may or may
not be a reasonable assumption. I think this entire definition needs to
In section 5, "Implementation Notes", ALPN is referenced several times
but it is not expanded anywhere that I see; maybe the acronym should be
expanded on first use? There is a link to the RFC, I'm not sure if
that's good enough though since XEPs may be printed.
In section 5, "Implementation Notes", a sentence ends "disabled by a
user due to privacy reasons". The phrase "due to privacy reasons" sounds
odd to me, but I couldn't say why. It's probably not worth having it
there, "it may be disabled by a user" is good enough.
DNSSEC is mentioned in the security considerations but it's not linked
and the acronym is never expanded.
In section 7, "IANA Considerations", the ALPN RFC is linked again. I'm
not sure if this is a problem or not, it just feels weird that the RFC
is linked in several sections but not in others. I'd just link to it on
first mention of ALPN. This is a very minor nit pick though.
More information about the Standards