Nut upsdev - Jan 2022 - NUT I-D: Unencrypted communication

I have received a comment from a embedded Windows XP user, concerned at being 
forced to use TLS encrypted communication by low budget "RFC
conforming" UPS
units which do not allow unencrypted communication.

Section 4.2.12 STARTTLS says ? The client tells the Attachment Daemon (2.1) to 
switch to TLS encrypted communication ? but does not explicitly say that if the 
command STARTTLS is not sent, the Attachment and Management Daemons do not 
switch to encrypted communication

https://www.ietf.org/archive/id/draft-rprice-ups-management-protocol-05.html#name-starttls

I propose adding the following sentence to section 4.2.12:

  If the client does not send command STARTTLS to the Attachment Daemon
  communication continues unencrypted.

Roger

On 1/3/22 14:17, Roger Price wrote:
> I have received a comment from a embedded Windows XP user, concerned 
> at being forced to use TLS encrypted communication by low budget "RFC 
> conforming" UPS units which do not allow unencrypted communication.
I guess you meant _encrypted communication_ here
>
> Section 4.2.12 STARTTLS says ? The client tells the Attachment Daemon 
> (2.1) to switch to TLS encrypted communication ? but does not 
> explicitly say that if the command STARTTLS is not sent, the 
> Attachment and Management Daemons do not switch to encrypted 
> communication
>
>
https://www.ietf.org/archive/id/draft-rprice-ups-management-protocol-05.html#name-starttls
>
>
> I propose adding the following sentence to section 4.2.12:
>
> ?If the client does not send command STARTTLS to the Attachment Daemon
> ?communication continues unencrypted. 

Sounds like a sane decision. Most [ low end ] UPSes do not know anything 
about encryption. What we can do is to recommend communication between 
upsd and ups-monitor to be encrypted.