[Nut-upsdev] Addition to draft-rprice-ups-management-protocol-05 - IP addressing lockdown and encryption
Ted Mittelstaedt
tedm at mittelstaedt.us
Tue Dec 28 19:17:49 GMT 2021
Section 6.4 needs some work. I think you need to renumber it as follows:
6.4.1 to 6.4.1.1
6.4.1.1 to 6.4.1.1.1
6.4.1.2 to 6.4.1.1.2
6.4.2 to 6.4.1.2
6.4.3 to 6.4.1.3
6.4.4 to 6.4.1.4
6.4.5 to 6.4.2
The reason this needs to be done is you are saying in 6.4 that UPS
management "needs to move to a more secure practice in which all traffic
is encrypted"
In an RFC standards document this wishy hand-waving wording isn't
allowed, what you are hinting at here is a "MUST" directive but not
coming out and using the MUST keyword. That is, what this section is
proposing is that the final RFC requires encryption - so that programs
that do NOT implement encryption are NOT fully compliant.
Setting aside for the moment the discussion of whether you agree the RFC
should require this (I do not BTW) the existing sections are of 2
flavors - the first flavor is "ways to implement encryption" and the
second flavor is basically a laundry list of ways to protect traffic in
a non-encrypted manner.
Section 6.4 is conflating the encryption and non-encryption flavors
together under a paragraph that says management data MUST be encrypted.
This makes no logical sense
Renumbering is a way of separating the encryption/non encryption flavors.
I also propose adding 6.4.1.5 saying the following:
A fifth option would be to incorporate a configuration directive in the
ups daemon program that would allow the admin to set a list of IP
addresses that are permitted to send commands to the UPS daemon.
Addresses would allow for read-only or read-send configuration
directives. This could also be accomplished with less granularity via
the use of firewall entries on the hosts.
Now as for the 6.4 section, I disagree with making encryption a
requirement. Just like SMTP traffic encryption should ALWAYS be an
option. The draft RFC swings back and forth on this, and this kind of
requirement absolutely needs discussion in any case.
I don't believe you are going to get an RFC that mandates encryption for
interhost communication no matter how much you want it, people have been
holding their breath turning blue in the face and jumping up and down
trying to force SMTP to have mandated encryption for years and have not
gotten their way on it. So don't even open the door to that. You can
satisfy the large corps who want encryption by standardizing encryption
in the RFC and making it optional and the small orgs and individuals who
don't need encryption and don't want the bother of it by making it optional.
Rewrite paragraph 6.4 to say:
UPS management needs to make available optional mechanisms for securing
host to host communication such as encrypting traffic, blah blah blah.
and rewrite the entire section on security to make it clear that
encryption of the commands was a SHOULD not a MUST in the RFC. Separate
all the encryption approaches into their own group, and all the
non-encryption approaches into their group for clarity.
And DON'T cave into the "encryption everywhere" cult-hood. I don't know
if any of them are listening but if so this post is going to be like
throwing red meat down in front of them so I'll step back and let the
frenzy start.
Ted
On 12/28/2021 9:27 AM, Roger Price wrote:
> The IETF have confirmed that they now have version 05 of the NUT RFC
> in their repository. This includes changes made following comments by
> Bart Smit and David Zomaya. The full list of changes can be found in
> Appendix D.
>
> Roger
>
> ---------- Forwarded message ----------
> A new version of I-D, draft-rprice-ups-management-protocol-05
> has been successfully submitted by Roger Price and posted to the
> IETF repository.
>
> Name: draft-rprice-ups-management-protocol
> Revision: 05
> Title: Uninterruptible Power Supply (UPS) Management Protocol
> -- Commands and Responses
> Document date: 2021-12-28
> Group: Individual Submission
> Pages: 61
> Html:
> https://www.ietf.org/archive/id/draft-rprice-ups-management-protocol-05.html
>
> Abstract:
> This document describes the command/response protocol currently used
> in the management of Uninterruptible Power Supply (UPS) units and
> other power devices often deployed in small offices, and in IT
> installations subject to an erratic public power supply. The UPS
> units typically interface to an Attachment Daemon in the system they
> protect. This daemon is in turn polled by a Management Daemon which
> notifies users and system administrators of power supply incidents,
> and automates system shutdown decisions. The commands and responses
> described by this document are exchanged between the UPS Attachment
> Daemon and the Management Daemon. Current practice when this text
> was written risks weak security and this is addressed in the Security
> Considerations sections of this document.
>
> The IETF Secretariat
>
>
>
> _______________________________________________
> Nut-upsdev mailing list
> Nut-upsdev at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsdev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/nut-upsdev/attachments/20211228/9c0bb1fd/attachment-0001.htm>
More information about the Nut-upsdev
mailing list