Following on the work that Yaron Sheffer, Ralph Holz, and I did on best practices for SSL/TLS in application protocols, Thijs Alkemade and I have now applied those recommendations to XMPP in the form of RFC 7590 (published today). This document explicitly updates the security considerations of the core XMPP spec and thus helps us further strengthen the security properties of the Jabber/XMPP network. Naturally there is still much to be done, but this is another step in the right direction...