<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<div name="messageBodySection">
<div dir="auto">Smith,</div>
</div>
<div name="messageReplySection">On Nov 12, 2021, 4:01 PM -0500, Kennedy, Smith (Wireless &amp; IPP Standards) &lt;smith.kennedy@hp.com&gt;, wrote:<br />
<blockquote type="cite" style="border-left-color:#1abc9c; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;" class="spark_indent">Hi Mike,<br class="" />
<div><br class="" />
<blockquote type="cite" class="spark_indent" style="border-left-color:#e67e22; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;">
<div class="">On Nov 12, 2021, at 11:34 AM, Michael Sweet &lt;<a href="mailto:msweet@msweet.org" class="">msweet@msweet.org</a>&gt; wrote:</div>
<br class="Apple-interchange-newline" />
<div class="">
<meta charset="UTF-8" class="" /><span style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">Smith,</span><br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<blockquote type="cite" style="border-left-color:#3498db; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;" class="spark_indent">On Nov 12, 2021, at 12:49 PM, Kennedy, Smith (Wireless &amp; IPP Standards) &lt;<a href="mailto:smith.kennedy@hp.com" class="">smith.kennedy@hp.com</a>&gt; wrote:<br class="" />
<br class="" />
Hi Ira,<br class="" />
<br class="" />
As you suggested, I've added the IPP Workgroup reflector to the list of recipients to bring this sidebar discussion into the forum without having to start from scratch.<br class="" />
<br class="" />
<blockquote type="cite" class="spark_indent" style="border-left-color:#d35400; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;">I do agree that it's not desirable that IPP Infrastructure Printers should<span class="Apple-converted-space"> </span><br class="" />
accept anything except Get-Printers w/out TLS security.<br class="" /></blockquote>
<br class="" />
If an Infrastructure Printer object is supposed to be available on the Internet but for "private use only", how does that work given the legacy Get-Printer-Attributes use precedent?<br class="" /></blockquote>
<br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<span style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">OK, some (hopefully obvious) observations:</span><br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<span style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">0. We need to separate the notion of legal access and protocol access to a service.</span><br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<span style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">1. A service that accepts connections over the Internet is, by definition, publicly accessible at the protocol level.</span><br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<span style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">2. Get-Printer-Attributes (and Get-System-Attributes) allow a Client to determine the *legal* access permissions.</span><br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" /></div>
</blockquote>
<div><br class="" /></div>
So protocol access == YES and legal access == YES for Get-Printer-Attributes and Get-System-Attributes.</div>
<div><br class="" />
<blockquote type="cite" class="spark_indent" style="border-left-color:#e67e22; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;">
<div class=""><span style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">3. All other operations enforce the legal access permissions.</span><br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" /></div>
</blockquote>
<div><br class="" /></div>
<div>So protocol access == YES but legal access == MAYBE (may require authentication).</div>
<div><br class="" /></div>
<div>If Get-Printer-Attributes and Get-System-Attributes are always legally accessible, then it seems to me that all of the Printer's Printer Description attributes and/or System's System Description attributes have to be "safe" i.e. free of PII and not confidential. And we need to clearly assert that somewhere so that we can point to that assertion. </div>
</div>
</blockquote>
<div><br /></div>
<div dir="auto">No, we need to document that attributes can/might contain PII and it is up to the administrator to restrict network access and/or configure the attributes to remove any PII. We don’t make assertions like this in PWG specs, we merely identify potential issues.</div>
<div dir="auto"><br /></div>
<div dir="auto">Honestly, the Internet-accessible address and URI of a service is PII enough to uniquely identify a particular printer/service. The administrator has control over the contact info which will typically be blank/empty by default…</div>
<div dir="auto"><br /></div>
<blockquote type="cite" style="border-left-color:#1abc9c; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;" class="spark_indent">
<blockquote type="cite" class="spark_indent" style="border-left-color:#e67e22; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;">
<div class="" dir="auto">
<blockquote type="cite" style="border-left-color:#3498db; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;" class="spark_indent">What should the response be from the "System Service" or other process actually hosting the IPP Printer object? HTTP 404? Or an IPP layer equivalent? I'm not sure we ever considered this use case in 5100.18.<br class="" /></blockquote>
<br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<span style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">HTTP 200 OK with the full set of attributes and values.</span><br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<blockquote type="cite" style="border-left-color:#3498db; margin:5px 5px; padding-left:10px; border-left-width:thin; border-left-style:solid;" class="spark_indent">At the very least, we need to have a statement / paper prepared that provides guidance to Infrastructure Printer implementors to the critique that a Get-Printer-Attributes does not constitute either a security or a privacy risk. If each cloud / Infrastructure Printer hosting provider does something different, that makes it very difficult for client implementations to support in any consistent way.<span class="Apple-converted-space"> </span><br class="" /></blockquote>
<br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" />
<span style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; float: none; display: inline !important;" class="">It makes sense to add a discussion of Get-Printer-Attributes to the IPP/2.x update and log an issue against PWG 5100.22 for Get-System-Attributes. We might also include references to this in 5100.18.</span><br style="caret-color: rgb(0, 0, 0); font-family: Courier; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;" class="" /></div>
</blockquote>
<div dir="auto"><br class="" /></div>
I think from the point of view of a vendor or service provider that owns or manages a publicly accessible IPP Printer object, I would want a clear and confidently stated statement that this is by design and doesn't represent an attack surface so long as the set of Printer Description / Printer Status attributes are "safe", so that if we get scrutinized by someone claiming a security concern, we can reference the PWG clauses and say "works as expected". </blockquote>
<div><br /></div>
<div dir="auto">The attributes are (per STD92) there to describe the state, capabilities, and configuration of the printer/system object so that a Client is able to use it. I see no reason to make *any* further statements concerning their necessity or that they are “as designed”.</div>
<div dir="auto"><br /></div>
<div dir="auto">So while it *is* appropriate to note potential security/privacy considerations, it isn’t appropriate for us to make any legal claims or restrict usage over the Internet. After all, the I in IPP is Internet, right? :)</div>
<div dir="auto"><br /></div>
</div>
</body>
</html>