by xnyhps 962 days ago
Will modern clients warn loudly if a server suddenly stops offering channel binding? Otherwise it is trivial to downgrade.
2 comments

They do, yes. It's certainly a requirement if channel binding is to work at all.

Additionally there is this proposal to also detect attempted downgrade of the channel binding and SASL mechanism lists themselves: https://xmpp.org/extensions/xep-0474.html - which we're currently looking for expert eyes on, if you know any... :)

Conversations.im shows a login failure in this case. See: https://gultsch.social/@daniel/111285494250772742
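
Added example, not part of the thread and not the code of any client mentioned in it: a minimal sketch of the client-side check discussed above, where the client remembers the mechanism that last succeeded and fails the login if the server stops offering channel binding. The `pinned` state, the preference order and the function names are assumptions of this example.

```python
# Preference order, strongest first (mechanism names per RFC 5802 / RFC 7677).
# Ranking any -PLUS mechanism above any non-PLUS one is this example's choice.
PREFERENCE = [
    "SCRAM-SHA-256-PLUS",
    "SCRAM-SHA-1-PLUS",
    "SCRAM-SHA-256",
    "SCRAM-SHA-1",
]


class DowngradeError(Exception):
    """Server offers something weaker than what succeeded on an earlier login."""


def select_mechanism(offered, pinned=None, cb_type="tls-exporter"):
    """Return (mechanism, gs2_cbind_flag) or raise DowngradeError.

    offered: mechanism names advertised by the server on this connection.
    pinned:  mechanism that succeeded on a previous login for this account
             (hypothetical per-account state kept by the client), or None.
    """
    usable = [m for m in PREFERENCE if m in offered]
    if not usable:
        raise ValueError("no supported SCRAM mechanism offered")
    best = usable[0]

    # Fail loudly instead of silently falling back to a weaker mechanism.
    if pinned in PREFERENCE and PREFERENCE.index(best) > PREFERENCE.index(pinned):
        raise DowngradeError(f"pinned {pinned}, server now offers at most {best}")

    if best.endswith("-PLUS"):
        # Channel binding in use: name the binding type in the GS2 header.
        flag = "p=" + cb_type
    else:
        # RFC 5802 "y": client supports channel binding but saw no -PLUS offer.
        # A server that did advertise -PLUS must then fail the authentication,
        # which exposes a mechanism list stripped in transit.
        flag = "y"
    return best, flag
```

On a first login there is nothing pinned, so the `y` flag is the only protection; the pin covers every later connection.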