On 09/25/2017 07:03 AM, Dave Cridland wrote:
> On 25 September 2017 at 06:14, Travis Burtrum <tra...@burtrum.org> wrote:
>> On 09/22/2017 08:39 AM, Dave Cridland wrote:
>>> a) I query whether ALPN needs to be SHOULD rather than MAY,
>>> particularly for S2S cases.
>>
>> That very well could be.  I'll give you the background, and the exact
>> wording can be discussed.
>>
>> ALPN is only required for easy multiplexing of multiple services on a
>> single TLS port.  On the server, it has the upside of being simple, a
>> standard, and easy to do.  On the client, it has the downside of
>> announcing to the network that you will be talking XMPP in this TLS
>> stream. (same as STARTTLS today)
>>
>> So once firewalls start looking at and blocking connections based on
>> ALPN, clients need the option to try again without ALPN (or even to try
>> first without ALPN).
>>
>> So MAY might be a better fit?  I just don't want to make it MUST.
> 
> It might be better as a MAY.
> 
> For S2S, I don't see that we're likely to run into any problem for
> which the best solution is ALPN. For C2S, the only case I can see the
> utility is in "traversing" (i.e., exploiting) old HTTPS-only firewalls,
> but we also have WebSocket for that. Most of the features ALPN
> provides are already taken care of by the SRV discovery.
> 
> Support is spotty, as you say, and it's not clear to me that ALPN is
> an inherent part of this protocol, in the way SNI is.
> 
> This is not to say that ALPN isn't useful at all - but I don't think
> it makes much difference to XEP-0368's success.

I was originally going to say ALPN wasn't as useful for S2S, but then I
remembered IPv4s were getting harder to come by and who's to say in a
few years companies won't be selling dedicated servers without public
IPs and multiplexing with SNI/ALPN and such.  It might end up being more
important than we think of it today.

Also as you said this isn't buying us any workarounds we didn't already
have with WebSocket, this is just vastly simpler.

_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
Unsubscribe: standards-unsubscr...@xmpp.org
_______________________________________________