[Standards] XEP-0178: Clarify SASL-EXTERNAL specification when s2s auth fails

Ruslan N. Marchenko me at ruff.mobi
Tue Jun 30 18:36:09 UTC 2020


On Tuesday, 30.06.2020, at 19:27 +0200, Holger Weiß wrote:
> * Ruslan N. Marchenko <me at ruff.mobi> [2020-06-30 18:58]:
> > Now if EXTERNAL fails - that means there's something wrong with the
> > certificates. And proposal to fail back to dialback means we want to
> > tolerate certificate validation errors. Which is a downgrade.
> 
> Whether or not this downgrade is acceptable is a policy decision.  The
> proposed change to XEP-0178 allows for implementing either policy
> decision in a sane way.  No?
> 
No, a policy decision can be made without a standard change - that's what is
happening right now. Piggybacking the standard to reflect someone's
_questionable_ policy decision is not the right thing to do. If someone
cannot configure EXTERNAL auth - let's just not advertise it, after all
it is negotiable.

--rr


