From 6f8bd4f24028855d57e39e7129b5ba72aca85fa9 Mon Sep 17 00:00:00 2001
From: Florian Schmaus
Date: Tue, 30 Jan 2024 11:19:26 +0100
Subject: [PATCH] XEP-SASL-CB-TYPES (440): recommend tls-exporter over
tls-server-end-point
---
xep-0440.xml | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/xep-0440.xml b/xep-0440.xml
index 8619d0986..6f579f410 100644
--- a/xep-0440.xml
+++ b/xep-0440.xml
@@ -23,6 +23,14 @@
sasl-cb-types
&flow;
+
+ 0.4.1
+ 2024-30-30
+ fs
+
+ Recommend the usage of tls-exporter over tls-server-end-point
+
+
0.4.0
2022-09-21
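Review bot: The date in the new 0.4.1 revision entry, 2024-30-30, is not a valid calendar date, since there is no month 30. The patch header is dated 30 Jan 2024, so this was presumably meant to be 2024-01-30. Please correct it so the entry matches the YYYY-MM-DD form of the 2022-09-21 entry below it.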
@@ -162,7 +170,9 @@
As further mitigation, servers MUST and clients are RECOMMENDED to
at least implement the channel-binding type tls-server-end-point (&rfc5929;)
- to increase the probability of a mutual supported channel-binding type.
+ to increase the probability of a mutual supported channel-binding type. However,
+ due its improved security properties, the tls-exporter (&rfc9266;) channel-binding
+ type should be prefered over tls-server-end-point.
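Review bot: The added sentence has two typos and an ambiguous requirement level. "due its" should be "due to its" and "prefered" should be "preferred". The lowercase "should" directly follows a sentence that uses MUST and RECOMMENDED, so an implementer cannot tell whether preferring tls-exporter is normative. Suggest "However, due to its improved security properties, the tls-exporter (&rfc9266;) channel-binding type SHOULD be preferred over tls-server-end-point", or reword it so that it clearly reads as non-normative advice. It would also help to say in a few words which security property is meant, so the recommendation can be evaluated. Finally, the diffstat touches only xep-0440.xml, so please confirm that the &rfc9266; entity is already defined elsewhere, because an undefined entity will break the XML build.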
@@ -189,8 +199,8 @@
Thanks to Sam Whited for the discussion about the underlying
issue and incentivizing me to come up with this extension. Further
thanks goes to Ruslan N. Marchenko for pointing out the possible
- MITM attack vector. Last but not least, Dave Cridland and Thilo Molitor
- provided valuable feedback.
+ MITM attack vector. Last but not least, Dave Cridland, Thilo Molitor,
+ and Simon Josefsson provided valuable feedback.