On Tue, Oct 14, 2025 at 9:21 AM Daniel Gultsch <[email protected]> wrote:
> 1. Is this specification needed to fill gaps in the XMPP protocol > stack or to clarify an existing protocol? Honestly I think we have been sitting on this XEP for so long that it has outlived it’s usefulness in many ways. In practice most implementations will just do tls-exporter over TLS1.3. Library support for that has been improved since this XEP was first proposed. tls-unique on the other hand has security issues and (AFAIK can not even be implemented on iOS for example) I‘m also reasonably sure that any deployment large enough to do TLS termination can figure out how to transfer the exporter bytes to the backend. Personally I see two ways forward. We scrap this XEP or we remove anything that recommends any binding mechanism over another. Basically we keep the XEP as a way to signal what binding mechanism the server supports and that’s it. cheers Daniel _______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
