Hi Alexey,

This is about different protocol servers sharing the same IP, but *not* the same port. There's nothing to bind the encrypted TLS connection to a particular port, and that's the problem addressed here - an IMAP client being forced to talk to an FTP server. Obviously you can have IMAP on one port of a given server, SMTP on another, and FTP on a third.

Please read https://alpaca-attack.com/ if you haven't yet, it's fun reading.

Thanks,
    Yaron

On 7/28/21, 16:32, "Uta on behalf of Alexey Melnikov" <uta-boun...@ietf.org on behalf of alexey.melni...@isode.com> wrote:

    Hi,

    Section 3.8 of the draft says:

        TLS implementations (both client- and server-side) MUST support the Application-Layer Protocol Negotiation (ALPN) extension [RFC7301].

    This looks fine to me. I assume it is still up to application protocols to decide whether or not use of ALPN is required?

    I am thinking of email and I can't see a use case where, for example, an IMAP server would share the same IP/port number with another protocol. Or is the point of this to prevent an IMAP client talking to a non-IMAP server, as well as to prevent a non-IMAP client talking to an IMAP server?

    Thank you,
    Alexey

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
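
An added example, not part of the thread or of the draft: server-side ALPN selection as RFC 7301 describes it, where a server configured for `ftp` refuses a ClientHello whose ALPN list offers only `imap`, the mismatch the reply above describes. The function names, the `require_alpn` switch, the alert chosen for a missing extension and the sample bytes are assumptions made for illustration.

```python
import struct

NO_APPLICATION_PROTOCOL = 120  # fatal alert defined by RFC 7301
HANDSHAKE_FAILURE = 40         # generic alert; using it for a missing extension is an assumption

class AlpnMismatch(Exception):
    """The handshake must be aborted with the fatal alert in .alert."""
    def __init__(self, alert, reason):
        super().__init__(reason)
        self.alert = alert

def encode_protocol_name_list(names):
    """Build ALPN extension_data: u16 list length, then u8-length-prefixed names."""
    body = b"".join(bytes([len(n)]) + n for n in names)
    return struct.pack("!H", len(body)) + body

def parse_protocol_name_list(ext_data):
    """Decode ALPN extension_data, rejecting inconsistent length fields."""
    if len(ext_data) < 2:
        raise ValueError("truncated ProtocolNameList")
    (list_len,) = struct.unpack("!H", ext_data[:2])
    body = ext_data[2:]
    if list_len != len(body) or list_len < 2:
        raise ValueError("bad ProtocolNameList length")
    names, i = [], 0
    while i < len(body):
        n = body[i]
        if n == 0 or i + 1 + n > len(body):
            raise ValueError("bad ProtocolName length")
        names.append(body[i + 1:i + 1 + n])
        i += 1 + n
    return names

def select_alpn(server_protocols, client_ext_data, require_alpn=False):
    """Return the protocol for ServerHello, None if ALPN is unused, or raise AlpnMismatch."""
    if client_ext_data is None:  # ClientHello carried no ALPN extension
        if require_alpn:
            raise AlpnMismatch(HANDSHAKE_FAILURE, "client sent no ALPN extension")
        return None
    offered = parse_protocol_name_list(client_ext_data)
    for proto in server_protocols:  # server preference order
        if proto in offered:
            return proto
    # No overlap: RFC 7301 requires a fatal no_application_protocol alert.
    raise AlpnMismatch(NO_APPLICATION_PROTOCOL, "no protocol in common with %r" % (offered,))

# Constructed sample: extension_data of an IMAP client offering only "imap".
IMAP_CLIENT_ALPN = encode_protocol_name_list([b"imap"])
```

With `require_alpn=False` a client that sends no ALPN extension is still accepted, so the port-independent binding only holds when both sides negotiate ALPN.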