On Wed, 3 Feb 2021 at 07:33, Jonas Schäfer <jo...@wielicki.name> wrote:
> The XMPP Extensions Editor has received a proposal for a new XEP. > > Title: Implicit XMPP WebSocket Endpoints > Abstract: > This document specifies implicit connection endpoints for XMPP over > WebSocket (RFC 7395). > > URL: https://xmpp.org/extensions/inbox/xep-iwe.html I'm leaning toward a veto here: 1) I don't think we want to mandate that a host listens by default on non-TLS services. It's impossible to do a StartTLS upgrade with HTTP (or Websockets), so these are inherently unencrypted. We have mandated use of encryption as a MUST now for several years, so this would reduce security, and I don't think we should go down that path. 2) This also weakens the need to run XEP-0156 in any form. I get that this is a bit of a pain, but it's also the best option we have. Relaxing the need for generic websocket usage to use this pathway also strengthens the need to operate the XMPP service on the host the service name resolves to by address lookup. I don't want to increase that need in production services, and otherwise this has the effect of reducing interoperability. I do not see a resolution for the above points, but rather than veto at this point I'd rather discuss first in case I've missed something. Dave.
_______________________________________________ Standards mailing list Info: https://mail.jabber.org/mailman/listinfo/standards Unsubscribe: standards-unsubscr...@xmpp.org _______________________________________________
