XEP-SASL-CB-TYPES (440): recommend tls-exporter over tls-server-end-p…

…oint
xsf · Apr 15, 2024 · 6f8bd4f · 6f8bd4f
1 parent 56a1d04
commit 6f8bd4f
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/xep-0440.xml b/xep-0440.xml
@@ -23,6 +23,14 @@
   <supersededby/>
   <shortname>sasl-cb-types</shortname>
   &flow;
+  <revision>
+    <version>0.4.1</version>
+    <date>2024-30-30</date>
+    <initials>fs</initials>
+    <remark>
+      Recommend the usage of tls-exporter over tls-server-end-point
+    </remark>
+  </revision>
   <revision>
     <version>0.4.0</version>
     <date>2022-09-21</date>
@@ -162,7 +170,9 @@
 
   <p>As further mitigation, servers MUST and clients are RECOMMENDED to
   at least implement the channel-binding type tls-server-end-point (&rfc5929;)
-  to increase the probability of a mutual supported channel-binding type.</p>
+  to increase the probability of a mutual supported channel-binding type. However,
+  due its improved security properties, the tls-exporter (&rfc9266;) channel-binding
+  type should be prefered over tls-server-end-point.</p>
 
 </section1>
 
@@ -189,8 +199,8 @@
   <p>Thanks to Sam Whited for the discussion about the underlying
   issue and incentivizing me to come up with this extension. Further
   thanks goes to Ruslan N. Marchenko for pointing out the possible
-  MITM attack vector. Last but not least, Dave Cridland and Thilo Molitor
-  provided valuable feedback.</p>
+  MITM attack vector. Last but not least, Dave Cridland, Thilo Molitor,
+  and Simon Josefsson provided valuable feedback.</p>
 
 </section1>