On Sat, Jan 28, 2017 at 11:26 AM, XMPP Extensions Editor <edi...@xmpp.org> wrote: > 1. Is this specification needed to fill gaps in the XMPP protocol stack or to > clarify an existing protocol?
Yes > 2. Does the specification solve the problem stated in the introduction and > requirements? Partially. A minor nitpick: The requirements section isn't really requirements, it's the actual main content of the spec. In the introduction and security concerns there are claims that this spec provides "perhaps increased security and privacy over using STARTTLS". These claims use both passive language ("perhaps"), and I don't think are actually true (it's only slightly less trivial to detect that not-HTTPS is most likely being transmitted, and lots of corporate firewalls do this). Since these are weak statements to begin with, I'd like to see them taken out in case they mislead users. I don't think it provides any value to the specification to include claims like this anyways, true or false. It would be nice if these statements could be removed before the council votes; apologies for being late to the party in bringing this up again. > 3. Do you plan to implement this specification in your code? If not, why not? Yes. > 4. Do you have any security concerns related to this specification? Only that the claims of greater privacy over STARTTLS might be misleading. > 5. Is the specification accurate and clearly written? Yes. —Sam _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________