[Top] [All Lists]

Re: [ietf-smtp] ALPN

2021-07-28 12:26:53
On Wed, Jul 28, 2021, Alexey Melnikov wrote:

I think having separate allocations for them would be clean design.

Stupid question: what are the differences in the actual protocol
between SMTP and SUBMIT?

However, ALPN seem to be intended for multiple protocols sharing the same
IP/port. This doesn't seem to apply to SMTP/SUBMIT/IMAP/POP. Or am I missing
the point of ALPN?

A possible hack is to redirect a HTTP connection to an SMTP server:
different ports / different protocols.
ALPN is supposed to prevent such "cross protocol" attacks.

Hence my question above: if there's no difference at the protocol
level, what would we gain having two different ALPN ids for SUBMIT
and SMTP?

Has anyone already applied at least for an id for SMTP?

Would it be as simple as this:

To: tls-reg-review(_at_)ietf(_dot_)org
Subject: Request to register value in TLS Extensions: SMTP for ALPN

Please add SMTP to the list of
TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs
(this might have been requested by someone already?)

See also:
  - Section 5 "Applicability Statement" lists "SMTP traffic".
  - Section 3.8 "Application-Layer Protocol Negotiation" says that the TLS
    must support - but nothing is said about the application layer actually
    making use.

Address is valid for this mailing list only, please do not reply
to it direcly, but to the list.

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>