[Nut-upsuser] I-D: ISE request for more detail on command STARTTLS

Manuel Wolfshant wolfy at nobugconsulting.ro
Sun Mar 27 19:03:02 BST 2022


On March 27, 2022 6:57:23 PM GMT+03:00, Greg Troxel <gdt at lexort.com> wrote:
>
>Roger Price <roger at rogerprice.org> writes:
>
>> The IETF Independent Submissions Editor (ISE) has asked for more
>> detail on the command STARTTLS, in particular the use of certificates.
>
>That's interesting, given how the overall state of PKI is not
>particularly about NUT.

Right.


>
>> I propose saying that NUT 2.8.0 supports the encryption of
>> communications between Attachment Daemon upsd and Management Daemon
>> upsmon using TLS 1.3 [RFC8446] with X.509 v3 certificates as defined
>> by RFC5280 + updates.

WFM


>
>This is really about the defined protocol and not really about any
>particular implementation :-)
>
>Certainly pointing to the normal RFCs is good.

Right again


>


> I would hesitate to
>do anything other than pointing to other RFCs that address this issue.
>Again nut is not really special.
Once again, I agree


>
>I am guessing their concern was lack of clarity about client certs and
>the path to authorization.
I'd need more details from the IES. I do not really understand why is he inferring differences between nut and other applications relying on SSL




More information about the Nut-upsuser mailing list