[Standards] XEP-0178: Clarify SASL-EXTERNAL specification when s2s auth fails
holger at zedat.fu-berlin.de
Tue Jun 30 17:27:31 UTC 2020
* Ruslan N. Marchenko <me at ruff.mobi> [2020-06-30 18:58]:
> Now if EXTERNAL fails - that means there's something wrong with the
> certificates. And proposal to fail back to dialback means we want to
> tolerate certificate validation errors. Which is a downgrade.
Whether or not this downgrade is acceptable is a policy decision. The
proposed change to XEP-0178 allows for implementing either policy
decision in a sane way. No?
More information about the Standards