On Tue, Jan 24, 2017 at 2:13 PM, Travis Burtrum <tra...@burtrum.org> wrote:
> I still disagree, I know in the wild you will find poorly written
> clients and servers that fall back to plain text when confronted with
> STARTTLS stripping, but you will NEVER find software that falls back to
> plaintext over direct TLS, because it's simply not possible.

Sure it is; client doesn't see SRV records for XMPPS, so it attempts to connect without TLS on the normal xmpp port (which it does have SRV records for because the person poisoning the DNS is trying to get you to use those); it's the exact same thing as a client not seeing STARTTLS (because someone's in the middle stripping it) and therefore falling back to not negotiating it. The behavior is wrong, but there's not much we can do about it.

—Sam