It appears that Claus Assmann <ietf-smtp(_at_)ietf(_dot_)org> said:
On Wed, Jul 28, 2021, Alexey Melnikov wrote:
I think having separate allocations for them would be clean design.
Stupid question: what are the differences in the actual protocol
between SMTP and SUBMIT?
The port numbers, and the fact that 465 does TLS on connnect. Other than that,
nothing.
Since SMTP doesn't do TLS on connect I have trouble imagining an attack that an
ALPN
wouldn't
A possible hack is to redirect a HTTP connection to an SMTP server:
different ports / different protocols.
ALPN is supposed to prevent such "cross protocol" attacks.
You can certainly point a browser at http://your.ser.ver:25/something but again
I have trouble imagining an actual threat, and even more trouble imagning
one where an ALPN would make any difference.
R's,
John
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp