IPP> Additional proposal details

IPP> Additional proposal details

Tom Hastings hastings at cp10.es.xerox.com
Wed Jan 7 14:37:11 EST 1998 

A minor quibble: A client should NOT use Create-Job, instead of Print-Job,
when the client wants security, because Create-Job is an OPTIONAL operation,
so that the Printer object might not have implemented it.


As you later suggest the client should use the Validate-Job operation
first, not the Create-Job operation.


Tom


At 08:53 01/07/1998 PST, Turner, Randy wrote:
>
>
>	A client IPP implementation would never issue a
>	"print-job" operation in the clear, and it would know
>	that if it is using an "HTTP:" scheme that thats what
>	is happening. An HTTP client wanting to use security
>	for the connection would never use "print-job". It would
>	always use "create-job" with a 
>	"client-security-requested" attribute. It would then
>	send issue "send-data" ops , etc..
>
>	This is because its possible for redirection ot occur with
>	any operation, and a client would want to make sure that
>	a TLS-session is in progress to a particular IPP server
>	before sending any sensitive data. Keep in mind that this
>	is not only possible with IPP redirects, but is possible with
>	standard HTTP redirects as well, which is out-of-band to
>	actual IPP operations, and our normative scope as well
>	(except for the protocol doc).
>
>	By the way, it is possible to issue a "print-job" operation
>	within the context of a TLS session. The client would issue
>	a "validate-job" with the "client-security-requested" operation
>	attribute set, and then use the returned redirect URI to issue
>	the "print-job" operation securely.
>
>	Randy
>
>
>> -----Original Message-----
>> From:	Carl-Uno Manros [SMTP:carl at manros.com]
>> Sent:	Wednesday, January 07, 1998 6:36 AM
>> To:	Turner, Randy; 'Tom Hastings'
>> Cc:	'ipp at pwg.org'
>> Subject:	RE: IPP> Additional proposal details
>> 
>> At 10:53 PM 1/6/98 -0800, Turner, Randy wrote:
>> >
>> >See my response to your comments below.
>> >
>> >My comments are marked RT>
>> >
>> >R.
>> >
>> 
>> Randy, I have not copied your while message, only one comment from
>> you, 
>> where I think you are breaking the security.
>> 
>> Carl-Uno
>> 
>> 
>> >> -- It allows a TLS-capable server the ability
>> >>    to only require TLS negotiation for 
>> >>    particular operations that require the server
>> >>    to allocate resources. For instance, a
>> >>    server that requires all print jobs to be
>> >>    authenticated might still want all clients
>> >>    to be able to get attributes for the printer,
>> >>    as well as validate job parameters, without
>> >>    going to the expense of performing TLS
>> >>    negotiation. It basically allows an 
>> >>    administrator to decide what types of 
>> >>    operations should be authenticated. In the
>> >>    current spec, ALL operations are authenticated
>> >>    or NONE are. This is a nice scalability
>> >>    feature
>> >> 
>> >> TH> This is a good feature.  However, if a client wants security
>> and
>> >> TH> only has an HTTP URL, how does it get started?  It certainly
>> >> doesn't
>> >> TH> want to do a Print-Job and send valuable data, before gettting
>> the
>> >> TH> TLS URL.  So this means that the client that wants security is
>> >> forced
>> >> TH> to do a Validate-Job with the HTTP://... URL in order to get
>> back
>> >> TH> the redirect HTTPS://... URL, correct?
>> >> 
>> >	RT>You'll note that most of the scalability and flexibility of
>> >	RT>this proposal mostly applies to IPP servers and subsequently
>> >	RT>server administration framework. If a CLIENT wants a
>> >particular
>> >	RT>operation to be "secure" , then it includes the 
>> >	RT>"client-security-requested" operation attribute with whatever
>> >	RT>operation it is attempting.
>> >
>> 
>> CM> If you try this with a job submission operation, you have already
>> sent 
>> CM> your MIME type application/ipp, which means that all your data
>> were sent 
>> CM> unencrypted before you got the secure URI back, so your feature
>> does
>> CM> not make any sense in combination with certain operations. It is
>> not as 
>> CM> generic as you describe it above. Instead you might actually
>> mislead
>> CM> a user to think that their transmission is secure, when in reality
>> CM> it is not.
>> 
>> ---
>
>

More information about the Ipp mailing list
Our website uses cookies on your device to give you the best user experience. By using our website, you agree to the placement of these cookies. To learn more, read our privacy policy. Read Privacy Policy