[Nut-upsuser] I-D: ISE request for more detail on command STARTTLS
wolfy at nobugconsulting.ro
Sun Mar 27 19:03:02 BST 2022
On March 27, 2022 6:57:23 PM GMT+03:00, Greg Troxel <gdt at lexort.com> wrote:
>Roger Price <roger at rogerprice.org> writes:
>> The IETF Independent Submissions Editor (ISE) has asked for more
>> detail on the command STARTTLS, in particular the use of certificates.
>That's interesting, given how the overall state of PKI is not
>particularly about NUT.
>> I propose saying that NUT 2.8.0 supports the encryption of
>> communications between Attachment Daemon upsd and Management Daemon
>> upsmon using TLS 1.3 [RFC8446] with X.509 v3 certificates as defined
>> by RFC5280 + updates.
>This is really about the defined protocol and not really about any
>particular implementation :-)
>Certainly pointing to the normal RFCs is good.
> I would hesitate to
>do anything other than pointing to other RFCs that address this issue.
>Again nut is not really special.
Once again, I agree
>I am guessing their concern was lack of clarity about client certs and
>the path to authorization.
I'd need more details from the IES. I do not really understand why is he inferring differences between nut and other applications relying on SSL
More information about the Nut-upsuser