Roger Price <[email protected]> writes:

> On Mon, 3 Jan 2022, Manuel Wolfshant wrote:
>
>> On 1/3/22 14:17, Roger Price wrote:
>>> I propose adding the following sentence to section 4.2.12:
>>>
>>> If the client does not send command STARTTLS to the Attachment Daemon
>>> communication continues unencrypted.
>>
>> Sounds like a sane decision. Most [ low end ] UPSes do not know
>> anything about encryption. What we can do is to recommend
>> communication between upsd and ups-monitor to be encrypted.
>
> Should the Attachment Daemon upsd be able to defend itself against
> unencrypted access from misconfigured or possibly hostile clients?

That's an implementation question, really, but it seems obvious that it should be conforming for an implementation to refuse to interact in cleartext. And also to choose to allow cleartext on localhost and not with other addresses.

> Is the presence of a CERTFILE or CERTIDENT declaration in upsd.conf
> sufficient?

I would not expect that to belong in the RFC at all, but maybe I'm confused.
_______________________________________________
Nut-upsdev mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsdev
