Hi Dave! I'd argue that not supporting channel-binding means that you don't send any XEP-0440 related elements, rather than sending an empty XEP-0440 cb-list (and also don't advertise any *-PLUS methods, of course).
Imho that's fine with XEP-0388 which states: >All servers and clients supporting channel-binding MUST implement SASL Channel-Binding Type Capability (XEP-0440) [1]. So a server without cb, doesn't need to implement or send a XEP-0440 list at all. > The schema doesn't include a minOccurs, and that means minOccurs='1' by > default. This means at least one channel binding MUST be included. Is this > intentional? Per my reasoning above, I'd say: yes. -tmolitor Am Mittwoch, 5. November 2025, 11:57:38 CET schrieb Dave Cridland: > Thilo, sorry! > > I had somehow missed that SASL2 mandates XEP-0440. It makes a lot of sense. > > But... > > Openfire currently doesn't support any channel bindings. > > It is sometimes used in cases where there is no TLS at all. This is quite > deliberate and sensible in this case, please don't argue with this! This > means there will always be cases where there are no channel bindings > available (because there's no channel to bind to!). > > The schema doesn't include a minOccurs, and that means minOccurs='1' by > default. This means at least one channel binding MUST be included. Is this > intentional? > > I appreciate this is an oddball case (and I can support tls-server-endpoint > for most normal cases), but is this the intent here or was the expectation > that the minOccurs should be '0'? > > (I know tls-server-endpoint MUST be implemented, but MTI is not MTD etc). > > Dave. _______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
