On Wed, Oct 30, 2013 at 4:55 PM, Peter Saint-Andre <stpe...@stpeter.im>wrote:
> >> Do we need, to be consistent, to disable the protocol but > >> indicate to the user he will need to perform an extra action to > >> be able to connect, or do we need to make the connection > >> impossible in any case? > > IMHO it's usually not a great idea to give the user insecure options. :) > At the risk of derailing discussions or adding noise, it's worth noting that not everyone's opinion of what is insecure is the same and varies by context. I have worked with some XMPP systems where the connection method doesn't involve TLS that I would consider pretty secure. Service providers on the Internet will probably be fine with committing to all this stuff, but we should (IMNSHO) continue to stop short of suggesting to devs what their software needs to do by default (I think it's sensible to suggest things that need to be supported). /K
_______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: jdev-unsubscr...@jabber.org _______________________________________________