Re: [ietf-smtp] Characteristics of Isolated (or mostly-isolated) industrial IP Networks

"John Levine" <johnl@taugh.com> Sun, 05 January 2020 02:18 UTC

Date: Sat, 04 Jan 2020 21:18:39 -0500
Message-Id: <20200105021840.51DEA11FA155@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf-smtp@ietf.org
Cc: moore@network-heretics.com
In-Reply-To: <92D1347D-9993-41F8-902B-0C9EDC79AD7D@network-heretics.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/uwC_ZgWKGUeRfE2y5EMUoFFCs4I>
Subject: Re: [ietf-smtp] Characteristics of Isolated (or mostly-isolated) industrial IP Networks

In article <92D1347D-9993-41F8-902B-0C9EDC79AD7D@network-heretics.com> you write:
>This is an attempt to summarize my observations about (mostly-)isolated networks, and also about some dubious assumptions
>that I've seen some equipment developers make about security requirements on such networks.

Thanks, this is very helpful.

It looks like, insofar as we're thinking about mail, a reasonable
design is to put a reasonably capable submission server on a network
(e.g., Raspberry Pi running Linux) and point the IPs of the IoT mail
senders at it.  We could give some more thought about what the
submission server could reasonably do to avoid relaying hostile
messages.

R's,
John