[Jabber-IETF] STARTTLS support for XMPP streams

Marshall Rose mrose+internet.ietf.jabber at dbc.mtview.ca.us
Fri Oct 11 01:23:52 CDT 2002


> Just curious, should we even bother reporting tls as a capability? Since 
> it isn't sent to the client in a 'secure' way, the client shouldn't 
> downgrade based on the lack of the capability, but should just fail. I 
> say 'should' because I'm not sure if there is or is not a valid use for 
> optional security.

this issue is well-known for protocols that have a start tls feature,
cf., Section 9 of rfc 3080 for the usual boilerplate (start reading at
"If the TLS transport security profile is used")
    
/mtr
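Added example, not part of the original message or of any Jabber implementation: a client-side decision function that takes its TLS requirement from local policy, so a cleartext feature list with the TLS advertisement removed causes a failure instead of a silent downgrade. The function and constant names are hypothetical, the namespace URIs are the ones used by the later XMPP specifications, and the two feature lists are constructed samples.

```python
import xml.etree.ElementTree as ET

# Assumption: namespace URIs as used by the later XMPP specifications.
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample: server advertises STARTTLS.
OFFERED = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
           "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
           "</stream:features>")
# Constructed sample: same list with the advertisement missing, which is what
# a client sees whether the server lacks TLS or an on-path party removed it.
STRIPPED = ("<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
            "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
            "<mechanism>PLAIN</mechanism></mechanisms>"
            "</stream:features>")


class TLSRequiredError(Exception):
    """Local policy demands TLS and the stream cannot provide it."""


def next_step(features_xml, tls_active, require_tls=True):
    """Return the client's next action after receiving stream features.

    require_tls comes from local configuration, never from the peer: the
    cleartext feature list is unauthenticated, so it may only be used to
    decide *how* to start TLS, not *whether* TLS is needed.
    """
    if tls_active:
        # Features were re-sent inside the TLS session; continue to auth.
        return "proceed"
    try:
        root = ET.fromstring(features_xml)
    except ET.ParseError as exc:
        raise TLSRequiredError("unparseable stream features") from exc
    if root.find("{%s}starttls" % NS_TLS) is not None:
        return "starttls"
    if require_tls:
        # Fail closed: do not send credentials or stanzas in the clear.
        raise TLSRequiredError("server did not offer STARTTLS")
    return "cleartext"  # only reachable when policy explicitly allows it


if __name__ == "__main__":
    print(next_step(OFFERED, tls_active=False))
    print(next_step(STRIPPED, tls_active=False, require_tls=False))
```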


