attachment
<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Mike,<div class=""><br class=""></div><div class="">I know everybody hates it when I do this but I've edited the March 11 draft to hopefully resolve most of the issues raised. New draft and -rev copies to the last two revisions here:</div><div class=""><br class=""></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class=""><div class=""><a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313.pdf" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313.pdf</a> </div><div class=""><a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313.odt" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313.odt</a> </div><div class=""><a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313-rev-20180311.pdf" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313-rev-20180311.pdf</a> </div><div class=""><a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313-rev-20180311.odt" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313-rev-20180311.odt</a> </div><div class=""><a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313-rev-20180205.pdf" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313-rev-20180205.pdf</a> </div><div class=""><a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313-rev-20180205.odt" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180313-rev-20180205.odt</a> </div></div></blockquote><div class=""><br class=""></div><div class="">Whenever we review this, this most recent update will hopefully let us focus on the unresolved issues:</div><div class=""><br class=""></div><div class=""><blockquote type="cite" class="">- Section 4.1.6 (and this is probably an errata for IPP Scan and IPP INFRA as well): access-x509-certificate is insufficient by itself for authentication - you need the private key as well to do the signing (to prove that you "own" the certificate...) Probably need to say that the printer obtains the signing key through an out-of-band means.<br class=""></blockquote><blockquote type="cite" class=""><br class=""></blockquote><blockquote type="cite" class="">Overall I think the draft is shaping up, although my gut says we still need to frame/document the scope and usage a little more - right now I can see how this would provide credentials for the save process but not how it requires those credentials for the reprint use case.<br class=""></blockquote><br class=""></div><div class="">Isn't that a printer implementation question if the credential is acquired out of band of IPP? HP historically hasn't been interested in that use case but I can imagine that might be a factor in complex printing topologies, where the output device and the Printer object don't reside on the same device.</div><div class=""><br class=""><div class="">
<div dir="auto" style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Smith<br class=""><br class="">/**<br class=""> Smith Kennedy<br class=""> Wireless & Standards Architect - IPG-PPS<br class=""> Standards - IEEE ISTO PWG / Bluetooth SIG / Wi-Fi Alliance / NFC Forum / USB-IF<br class=""> Chair, IEEE ISTO Printer Working Group<br class=""> HP Inc.<br class="">*/<br class=""><br class=""><br class=""></div></div>
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On Mar 12, 2018, at 7:48 AM, Michael Sweet <<a href="mailto:msweet@apple.com" class="">msweet@apple.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Smith,<br class=""><br class="">Some quick feedback after looking at the new draft:<br class=""><br class="">- Abstract: The wording here seems a little redundantly redundant. :)<br class=""><br class="">- Sections 4.1.3 and 4.1.5: RFC updates - 7616 for Digest and 7617 for Basic.<br class=""><br class="">- Section 4.1.6 (and this is probably an errata for IPP Scan and IPP INFRA as well): access-x509-certificate is insufficient by itself for authentication - you need the private key as well to do the signing (to prove that you "own" the certificate...) Probably need to say that the printer obtains the signing key through an out-of-band means.<br class=""><br class="">- Section 5.1: Not sure how to use this attribute; we don't have its equivalent for IPP Scan or INFRA.<br class=""><br class="">- I think we'll need to add an Additional Semantics section to briefly say that job-save-accesses gets copied to the Job Object but not returned as a Job attribute.<br class=""><br class="">- Section 16: Should say more about protecting the values of job-save-accesses in transit and at rest.<br class=""><br class="">Overall I think the draft is shaping up, although my gut says we still need to frame/document the scope and usage a little more - right now I can see how this would provide credentials for the save process but not how it requires those credentials for the reprint use case.<br class=""><br class=""><br class=""><blockquote type="cite" class="">On Mar 11, 2018, at 11:24 PM, Kennedy, Smith (Wireless & Standards Architec) <<a href="mailto:smith.kennedy@hp.com" class="">smith.kennedy@hp.com</a>> wrote:<br class=""><br class="">Greetings,<br class=""><br class="">I have just posted a new draft of IPP Job Save Password:<br class=""><br class=""> <a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180311.pdf" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180311.pdf</a><br class=""> <a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180311.odt" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180311.odt</a><br class=""> <a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180311-rev.pdf" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180311-rev.pdf</a><br class=""> <a href="https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180311-rev.odt" class="">https://ftp.pwg.org/pub/pwg/ipp/whitepaper/tb-savepassword-20180311-rev.odt</a><br class=""><br class="">This draft refactors the proposed attributes as per the discussion back in December 2017 and that we further briefly discussed at the February 2018 F2F.<br class=""><br class="">Cheers,<br class=""><br class="">Smith<br class=""><br class="">/**<br class=""> Smith Kennedy<br class=""> Wireless & Standards Architect - IPG-PPS<br class=""> Standards - IEEE ISTO PWG / Bluetooth SIG / Wi-Fi Alliance / NFC Forum / USB-IF<br class=""> Chair, IEEE ISTO Printer Working Group<br class=""> HP Inc.<br class="">*/<br class=""><br class=""><br class=""><br class="">_______________________________________________<br class="">ipp mailing list<br class=""><a href="mailto:ipp@pwg.org" class="">ipp@pwg.org</a><br class="">https://www.pwg.org/mailman/listinfo/ipp<br class=""></blockquote><br class="">_________________________________________________________<br class="">Michael Sweet, Senior Printing System Engineer<br class=""><br class=""></div></div></blockquote></div><br class=""></div></body></html>