Re: [ietf-smtp] Characteristics of Isolated (or mostly-isolated) industrial IP Networks
Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 05 January 2020 20:14 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5625A120058 for <ietf-smtp@ietfa.amsl.com>; Sun, 5 Jan 2020 12:14:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wYNe6ax0xZ7c for <ietf-smtp@ietfa.amsl.com>; Sun, 5 Jan 2020 12:14:36 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7890612004F for <ietf-smtp@ietf.org>; Sun, 5 Jan 2020 12:14:36 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 7A3492AC23D; Sun, 5 Jan 2020 15:14:35 -0500 (EST)
Date: Sun, 05 Jan 2020 15:14:35 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf-smtp@ietf.org
Message-ID: <20200105201435.GB73491@straasha.imrryr.org>
Reply-To: ietf-smtp@ietf.org
References: <20200105021840.51DEA11FA155@ary.qy> <e222998e-374f-07aa-024e-2b6fb9d39003@network-heretics.com> <3c50a793-dd26-3254-f9e3-b642793918b7@dcrocker.net> <edcc7d1a-447c-0d49-81d2-84e2b249abdc@network-heretics.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <edcc7d1a-447c-0d49-81d2-84e2b249abdc@network-heretics.com>
User-Agent: Mutt/1.12.2 (2019-09-21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/-26zowa_W0ygAUdaYWromBUcgmo>
Subject: Re: [ietf-smtp] Characteristics of Isolated (or mostly-isolated) industrial IP Networks
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Jan 2020 20:14:38 -0000
On Sun, Jan 05, 2020 at 02:38:02AM -0500, Keith Moore wrote: > But the IIoT MSA might still be operating in an environment without > DNS, so it can't be expected to do all of the sanity checking and > fixup that an MSA on the public Internet would do. The usual-suspect MSAs (at least Postfix and Exim) operate just fine in isolated non-DNS networks. An MSA only needs DNS when: * Delivering to someone else's domain on the public internet, via the MX records for that domain. * Attempting to do DANE SMTP. neither of these apply on isolated non-DNS networks. > I'd also like to see if there's a way to use TLS to let the connection > be secured by a certificate on the client end, using a certificate > issued by the device manufacturer. > > For SMTP, what I have in mind is a SLTTRATS SMTP extension that acts > like STARTTLS except that the the client and server roles on the TLS > connection are flipped - the SMTP client is the TLS server and vice > versa. That's possible now, using STARTTLS. No need for a new ESMTP extension. The client ignores the server certificate, while the server, requests a client certificate and uses it to authenticate the client (by certificate or public key fingerprint). > Then the IIoT devices don't need a trusted CA list, the IIoT MSAs that > they talk to do - but the MSAs are closer to the public network so the > update might be easier. They don't need a CA bundle if they are not going to authenticate the server. Since they can't be assumed to have a reliable clock, certs work poorly in any case, so they could at best be (on site) configured with a list of public key fingerprints of trusted MSAs. In most cases this is likely overkill. A rogue MSA can just reject connections blocking mail delivery, and no amount of authentication will stop that. -- Viktor.
- [ietf-smtp] Characteristics of Isolated (or mostl… Keith Moore
- Re: [ietf-smtp] Characteristics of Isolated (or m… John Levine
- Re: [ietf-smtp] Characteristics of Isolated (or m… Keith Moore
- Re: [ietf-smtp] Characteristics of Isolated (or m… Dave Crocker
- Re: [ietf-smtp] Characteristics of Isolated (or m… Keith Moore
- Re: [ietf-smtp] Characteristics of Isolated (or m… John R Levine
- Re: [ietf-smtp] Characteristics of Isolated (or m… John Levine
- Re: [ietf-smtp] Characteristics of Isolated (or m… Viktor Dukhovni
- Re: [ietf-smtp] Characteristics of Isolated (or m… Hector Santos
- Re: [ietf-smtp] Characteristics of Isolated (or m… Dave Crocker
- Re: [ietf-smtp] Characteristics of Isolated (or m… John R Levine