On Mon, 3 Jan 2022, Greg Troxel wrote:

On 1/3/22 14:17, Roger Price wrote:
I propose adding the following sentence to section 4.2.12:

 If the client does not send command STARTTLS to the Attachment Daemon
 communication continues unencrypted.

Should the Attachment Daemon upsd be able to defend itself against
unencrypted access from misconfigured or possibly hostile clients?

That's an implementation question, really, but it seems obvious that it
should be conforming for an implementation to refuse to interact in
cleartext.  And also to choose to allow cleartext on localhost and not
with other addresses.

I'll change the additional sentence to

 If the client does not send command STARTTLS to the Attachment Daemon
 communication continues unencrypted, however an Attachment Daemon may refuse
 unencrypted communication.

How the AD does this is an implementation matter and outside the scope of the RFC.

Roger
_______________________________________________
Nut-upsdev mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsdev
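
Added example, not part of the thread and not code from NUT's upsd: one way an Attachment Daemon could apply the behaviour discussed above, either refusing cleartext commands outright or allowing them only from loopback peers, while always accepting STARTTLS so a client can upgrade. The policy names, the `decide` function and the sample peers are assumptions made for illustration.

```python
import ipaddress
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    REFUSE = "refuse"

# Commands accepted in cleartext under every policy, so that a client can
# still upgrade the session. Assumption: only STARTTLS is exempt.
PRE_TLS_COMMANDS = {"STARTTLS"}

# Hypothetical policy names: "allow" is the baseline sentence (communication
# continues unencrypted), "loopback-only" and "refuse" are the stricter options.
POLICIES = {"allow", "loopback-only", "refuse"}

def is_loopback(peer: str) -> bool:
    """True for 127.0.0.0/8, ::1 and IPv4-mapped forms like ::ffff:127.0.0.1."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # unparseable peer address: fail closed
    mapped = getattr(addr, "ipv4_mapped", None)  # only IPv6 addresses have it
    if mapped is not None:
        addr = mapped
    return addr.is_loopback

def decide(peer: str, tls_active: bool, line: str,
           policy: str = "loopback-only") -> Verdict:
    """Decide whether one command line received from `peer` may be processed."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    if tls_active or policy == "allow":
        return Verdict.ALLOW
    words = line.split()
    # Command names are compared exactly as sent (assumption).
    if words and words[0] in PRE_TLS_COMMANDS:
        return Verdict.ALLOW
    if policy == "loopback-only" and is_loopback(peer):
        return Verdict.ALLOW
    return Verdict.REFUSE
```

The check runs per command rather than once per connection, so a session that starts in cleartext is permitted as soon as STARTTLS has completed.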
