[Standards] NEW: XEP-0440 (SASL Channel-Binding Type Capability)
flo at geekplace.eu
Sun Jul 26 16:57:19 UTC 2020
On 7/21/20 8:28 PM, Dave Cridland wrote:
> On Tue, 21 Jul 2020 at 18:57, Florian Schmaus <flo at geekplace.eu> wrote:
> Based on the discussion in this thread, I suggest the following changes
> Is it worth making tls-server-endpoint an MTI for XEP-0440?
> It is, as you note, trivial to implement, and as we always chant, MTI is
> Mandatory to Implement, not Mandatory to Deploy.
> But it means anything using XEP-0440 MUST implement (and PROBABLY SHOULD
> deploy) a common binding that's reasonably well understood, provides
> some significant protection, and is easy to implement. If it turns out
> we really need something better later, we can review and change the MTI.
> It also means that if it is not offered, one assumes the server
> administrator has some very good reasons for doing so.
That is a good point.
As further mitigation, it is RECOMMENDED to implement the
channel-binding type tls-server-end-point (RFC 5929) to increase the
probability of a mutually supported channel-binding type.
Updated diff at:
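
Added example, not part of the original message or of XEP-0440: one way to compute the tls-server-end-point channel-binding data that the thread describes as trivial to implement, following the hash-selection rule of RFC 5929 section 4.1 (hash the server certificate's exact DER bytes with the hash of its signature algorithm, replacing MD5 and SHA-1 with SHA-256). The function names, the small OID table and the skeleton certificate are assumptions constructed for this example.

```python
import hashlib

# Signature-algorithm OIDs (DER content, hex) -> hash name. The table is an
# assumption of this example and lists only a few common algorithms.
SIG_OID_HASH = {
    "2a864886f70d010104": "md5",     # md5WithRSAEncryption
    "2a864886f70d010105": "sha1",    # sha1WithRSAEncryption
    "2a864886f70d01010b": "sha256",  # sha256WithRSAEncryption
    "2a864886f70d01010c": "sha384",  # sha384WithRSAEncryption
    "2a8648ce3d040302": "sha256",    # ecdsa-with-SHA256
    "2a8648ce3d040303": "sha384",    # ecdsa-with-SHA384
}

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def tls_server_end_point(cert_der):
    """Channel-binding data: hash over the exact DER bytes of the certificate."""
    _, cert, _ = read_tlv(cert_der, 0)   # Certificate ::= SEQUENCE {
    _, _, pos = read_tlv(cert, 0)        #   tbsCertificate (skipped)
    _, alg_id, _ = read_tlv(cert, pos)   #   signatureAlgorithm
    tag, oid, _ = read_tlv(alg_id, 0)    #     algorithm OID
    name = SIG_OID_HASH.get(oid.hex()) if tag == 0x06 else None
    if name is None:
        # OID not in the table, or no single signature hash: RFC 5929 leaves
        # this case undefined, so refuse instead of guessing.
        raise ValueError("tls-server-end-point undefined for this certificate")
    if name in ("md5", "sha1"):
        name = "sha256"                  # RFC 5929: weak hashes become SHA-256
    return hashlib.new(name, cert_der).digest()

def tlv(tag, content):
    return bytes([tag, len(content)]) + content  # short-form lengths only

def constructed_cert(sig_oid_hex):
    """Constructed skeleton with a certificate's outer layout, not a real one."""
    tbs = tlv(0x30, b"constructed tbsCertificate")
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    sig = tlv(0x03, b"\x00constructed signature")
    return tlv(0x30, tbs + alg + sig)
```

Both peers must hash the certificate exactly as it appeared in the TLS Certificate message; re-encoding it before hashing makes the binding fail to match.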