[Standards] XEP-0178: Clarify SASL-EXTERNAL specification when s2s auth fails

Holger Weiß holger at zedat.fu-berlin.de
Tue Jun 30 17:27:31 UTC 2020


* Ruslan N. Marchenko <me at ruff.mobi> [2020-06-30 18:58]:
> Now if EXTERNAL fails - that means there's something wrong with the
> certificates. And proposal to fail back to dialback means we want to
> tolerate certificate validation errors. Which is a downgrade.

Whether or not this downgrade is acceptable is a policy decision.  The
proposed change to XEP-0178 allows for implementing either policy
decision in a sane way.  No?

Holger


More information about the Standards mailing list