PWG IPP Security Phone Conference - May 22, 1997
This is a short report about what was discussed at today's teleconference.
Attending: Roger deBry
Jerry Hadsell
Scott Isaacson
Carl-Uno Manros
John Wenn
Daniel Manchala
Xavier Riley
Document structure
It was generally recognized that some of text parts need better integration
and flow. Almost all of the current text is general in nature and it was
decided that any direct recommendations about use of particular security
protocols should go into the document mapping IPP to a particular transfer
protocol. We should probably remove some of the threats and risks that we
are not planning to cover in version 1.0 of IPP. We should also either
explain security terms as they get introduced in the document or put in a
terminlogy section early on in the document. Jerry Hadsell offered to come
up with suggestions for a terminolgy section.
It was also discussed whether the document should be informational rather
than a standards track document considering that it is unlikely to include
any new protocol components, but rather analysis how existing security
protocols can be used in combination with IPP. Carl-Uno suggested that we
seek advice on this after we have the new version of the document completed.
Directory
We then discussed what informatio about security might be needed in the
Directory Schema. We did not reach agreements on that, but outlined
different solutions which were:
- Keep it very simple, only a binary value
- Describe which kind of security services are described as several attributes
- Define which security protocols are supported
It was also pointed out that in some caes, like with TLS, the URI would
actually be different, which means that a printer that supports both secure
and non-secure printing, might have two separate directory entries. Would
there be a point in having a reference attribute to point between the two
in this case?
It was also pointed out that the directory access control may prevent users
from even seeing a printer to which they have no access in the directory.
We must be able to find enough information in the directory to allow a
session between a user and a "secure" Printer to be be boot strapped
correctly.
We might have a certain overlap with SASL if we start putting up a number
of attributes in the directory (or in the Printer object), but in the case
of using HTTP this does not seem to have any impact.
Other subjects
It was felt that we need to create some additional text on how the use of
firewalls effects the IPP. Daniel Manchala will provide some additional text.
John Wenn also offered that he should write up something on IP SEC in
TCP/IP and how that can be used in combination with RFC 2069 security
features.
Roger deBry will produce a revised version of what we presently have for
review in next week's phone conference. All new input to be sent to Roger
by Tuesday morning, May 27. The plan is to have a new I-D text to send to
the IETF in two weeks time.
Next week's phone conference will be held at the same time next Thursday.
Carl-Uno will not be able to attend next week, so Roger deBry will lead the
conference next time.
----
Carl-Uno
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros at cp10.es.xerox.com