
Re: [ietf-smtp] ALPN

2021-07-08 21:51:42
It appears that Jeremy Harris  <jgh(_at_)wizmail(_dot_)org> said:
Should we request a TLS ALPN identifier?

Maybe we should request two, one for SMTP and one for SUBMIT.

I asked one of the draft's authors if he knows why POP and IMAP have ALPNs
and SMTP doesn't.

I do worry about getting the ALPNs right in the common case that the same host
offers SMTP, SUBMIT, POP, and IMAP.

Current registry:

Draft recommendation:

  - Section 5 "Applicability Statement" lists "SMTP traffic".
  - Section 3.8 "Application-Layer Protocol Negotiation" says that the TLS
    must support - but nothing is said about the application layer actually
    making use.

Implementing a defensive-only ALPN check (refusing a TLS startup, as
server, if anything but the obvious choice of "smtp" is offered as a
requested ALPN by the client) is not hard coding for either OpenSSL
or GnuTLS.  Locking out retries with downgrade to cleartext would be
more effort, but perhaps not relevant as a defence against the ALPACA

In client MTA mode I'd expect the coding to make an ALPN request to
be similarly simple. Administrative controls for 
would probably be more work than just the library interface.
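As an added illustration of the two pieces of coding the message estimates (a server-side "defensive-only" ALPN check and a client-side ALPN request), here is example code that is not from this thread and is not Exim's, OpenSSL's or GnuTLS's own code. It assumes that "smtp" is the only identifier the server will accept, that the return values mirror OpenSSL's SSL_TLSEXT_ERR_OK / SSL_TLSEXT_ERR_ALERT_FATAL / SSL_TLSEXT_ERR_NOACK constants (0, 2, 3), and that the USE_OPENSSL macro guarding the library glue is a hypothetical build switch. The wire-format handling is kept library-independent so the file compiles and runs without OpenSSL; the sample client lists in main() are constructed for the demonstration.

```c
/* Added example: server-side ALPN enforcement for an SMTP listener plus the
 * client-side list encoder.  Not code from the thread, Exim, OpenSSL or GnuTLS. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: these mirror OpenSSL's SSL_TLSEXT_ERR_* values so the function
 * can be returned straight from an SSL_CTX_set_alpn_select_cb() callback. */
#define ALPN_OK          0  /* SSL_TLSEXT_ERR_OK: *out/*outlen name the chosen protocol */
#define ALPN_ALERT_FATAL 2  /* SSL_TLSEXT_ERR_ALERT_FATAL: abort with no_application_protocol */
#define ALPN_NOACK       3  /* SSL_TLSEXT_ERR_NOACK: finish the handshake with no ALPN */

static const char SMTP_ALPN[] = "smtp";

/* Server side.  `in` is the client's ProtocolNameList in RFC 7301 wire form:
 * a run of <1-byte length><name>, which is exactly what OpenSSL hands to the
 * select callback (outer 2-byte length already stripped).  Selects "smtp" if
 * the client offered it; otherwise refuses (strict) or continues without ALPN
 * (non-strict).  A malformed list is always refused.  Note that OpenSSL only
 * invokes the callback when the client sent the extension at all, so a client
 * offering no ALPN is never seen here and is handled by the library default. */
int smtp_alpn_select(const unsigned char *in, unsigned int inlen,
                     const unsigned char **out, unsigned char *outlen,
                     int strict)
{
    unsigned int pos = 0;
    *out = NULL;
    *outlen = 0;
    if (in == NULL || inlen == 0)            /* an empty list is invalid per RFC 7301 */
        return ALPN_ALERT_FATAL;
    while (pos < inlen) {
        unsigned int len = in[pos];
        if (len == 0 || pos + 1 + len > inlen)   /* zero-length or truncated name */
            return ALPN_ALERT_FATAL;
        if (len == sizeof(SMTP_ALPN) - 1 &&
            memcmp(in + pos + 1, SMTP_ALPN, len) == 0) {
            *out = in + pos + 1;                 /* point into the client's list, as OpenSSL expects */
            *outlen = (unsigned char)len;
            return ALPN_OK;
        }
        pos += 1 + len;
    }
    return strict ? ALPN_ALERT_FATAL : ALPN_NOACK;
}

/* Client side.  Builds the wire list that SSL_CTX_set_alpn_protos() takes.
 * Returns the encoded length, or 0 if a name is empty or over 255 bytes or
 * the buffer is too small. */
size_t alpn_wire_encode(const char *const *names, size_t n,
                        unsigned char *buf, size_t buflen)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(names[i]);
        if (len == 0 || len > 255 || used + 1 + len > buflen)
            return 0;
        buf[used++] = (unsigned char)len;
        memcpy(buf + used, names[i], len);
        used += len;
    }
    return used;
}

#ifdef USE_OPENSSL  /* hypothetical build switch: how the check plugs into OpenSSL */
#include <openssl/ssl.h>
static int alpn_select_cb(SSL *ssl, const unsigned char **out, unsigned char *outlen,
                          const unsigned char *in, unsigned int inlen, void *arg)
{
    (void)ssl; (void)arg;
    return smtp_alpn_select(in, inlen, out, outlen, 1);   /* strict: refuse non-smtp clients */
}
/* server:  SSL_CTX_set_alpn_select_cb(ctx, alpn_select_cb, NULL);
 * client:  unsigned char wire[8]; const char *names[] = { "smtp" };
 *          size_t n = alpn_wire_encode(names, 1, wire, sizeof wire);
 *          SSL_CTX_set_alpn_protos(ctx, wire, (unsigned int)n);  -- returns 0 on success */
#endif

int main(void)
{
    /* Constructed sample lists: a real MTA, a browser-style cross-protocol
     * client (the ALPACA case), and a truncated extension. */
    const char *mta_names[] = { "smtp" };
    unsigned char mta[8];
    size_t mta_len = alpn_wire_encode(mta_names, 1, mta, sizeof mta);
    const unsigned char browser[] = { 2,'h','2', 8,'h','t','t','p','/','1','.','1' };
    const unsigned char trunc[]   = { 4,'s','m','t' };
    const unsigned char *out; unsigned char outlen;

    printf("MTA offering smtp   -> %d\n", smtp_alpn_select(mta, (unsigned)mta_len, &out, &outlen, 1));
    printf("browser, strict     -> %d\n", smtp_alpn_select(browser, sizeof browser, &out, &outlen, 1));
    printf("browser, non-strict -> %d\n", smtp_alpn_select(browser, sizeof browser, &out, &outlen, 0));
    printf("truncated list      -> %d\n", smtp_alpn_select(trunc, sizeof trunc, &out, &outlen, 0));
    return 0;
}
```

The strict flag is where the "administrative controls" question lands: strict mode turns a browser-originated handshake into a fatal alert, non-strict mode keeps the legacy behaviour of completing the handshake without ALPN. Neither mode touches the separate problem the message raises of a client retrying in cleartext after the refused TLS startup; that has to be handled in the SMTP layer, not in the ALPN callback.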

ietf-smtp mailing list
