On 7/19/19 7:52 AM, Florian Schmaus wrote:
> On 19.07.19 07:36, Travis Burtrum wrote:
>>> If the initiating party cannot connect via either SRV record, it
>> SHOULD perform A/AAAA fallback to port(s) of its choice (perhaps 443,
>> 5223, etc) because, in the absence of DNSSEC, SRV records cannot be trusted.
>
> If in the absence of DNSSEC SRV records cannot be trusted, which is of
> course true, why should you trust A/AAAA resource records?

That is a fair question. There are a few reasons I can think of: poorly configured networks, either intentionally or not; Tor DNS supports A/AAAA but not SRV; maybe others?

But more importantly, you aren't implicitly trusting them: only if the TLS cert is valid do you connect, so I don't see the harm in attempting to connect anyway, whereas giving up early can cause harm in the form of a user not being able to connect.
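
The point made in the reply above, as an added example that is not part of the original thread: DNS answers (SRV or A/AAAA) only choose where to connect, while the certificate check against the service domain decides whether the connection is kept. The helper names, the sample SRV records and the TLS 1.2 floor are assumptions; the fallback ports are the ones named in the quoted text.

```python
import socket
import ssl

FALLBACK_PORTS = (443, 5223)  # ports named in the quoted text; the choice is the client's

# Constructed sample SRV answers: (priority, weight, port, target)
SAMPLE_SRV = [(10, 0, 5223, "xmpp2.example.net."), (5, 0, 443, "xmpp1.example.net.")]

def candidates(domain, srv_records):
    """SRV targets first, then A/AAAA fallback on the domain itself.

    Simplification (assumption): sorts by priority, then higher weight,
    instead of the weighted random selection of RFC 2782.
    """
    ordered = sorted(srv_records, key=lambda r: (r[0], -r[1]))
    out = [(t.rstrip("."), port) for _, _, port, t in ordered if t != "."]
    out += [(domain, p) for p in FALLBACK_PORTS if (domain, p) not in out]
    return out

def strict_context():
    """TLS context that refuses unverified peers; never relax it for fallback."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def connect(domain, srv_records, timeout=5.0, ctx=None):
    """Try every candidate; keep only a connection whose cert matches `domain`."""
    ctx = ctx or strict_context()
    errors = []
    for host, port in candidates(domain, srv_records):
        try:
            raw = socket.create_connection((host, port), timeout=timeout)
        except OSError as exc:
            errors.append((host, port, repr(exc)))
            continue
        try:
            # Verify against the service domain, NOT the DNS-derived host:
            # a spoofed SRV/A/AAAA answer cannot supply a valid cert for it.
            return ctx.wrap_socket(raw, server_hostname=domain)
        except (ssl.SSLError, OSError) as exc:
            raw.close()
            errors.append((host, port, repr(exc)))
    raise ConnectionError(f"no verified endpoint for {domain}: {errors}")
```

Passing `server_hostname=domain` is what makes the untrusted lookups harmless: a forged record can cause a failed handshake or a denial of service, but not a connection to an endpoint that cannot prove it is the domain.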