On Sun, Jun 30, 2019, at 14:58, Ralph Meijer wrote: > Just to be clear, in the same way as for xmpp-client, as per RFC 2782?
I think so; I meant by fetching the A/AAAA record of the domain part of the JID, and then attempting to perform direct TLS if a connection is established. Then again, if an attacker can poison my DNS to send me a "." SRV record, they can probably mess with the A/AAAA records too so I suppose it doesn't matter all that much. Either way, if a connection is made at some point I'll probably try direct TLS whether it was advertised or not. —Sam _______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________