IPP> TLS security section of protocol document

IPP> TLS security section of protocol document

Carl Kugler kugler at us.ibm.com
Tue Feb 3 11:55:39 EST 1998


Is the approach in


  Network Working Group                                      Ari Luoton=
en
  Request for Comments: XXXX          Netscape Communications Corporati=
on
  Category: Informational                                 September, 19=
97


                Tunneling SSL through Web Proxy Servers


 draft-luotonen-ssl-tunneling-03.txt, expires on 9/26/97


being considered for TLS?


  -Carl






ipp-owner at pwg.org on 02/02/98 02:25:38 PM
Please respond to ipp-owner at pwg.org @ internet
To: ipp at pwg.org @ internet
cc:
Subject: IPP> TLS security section of protocol document






Just a note from the WG meeting in Hawaii...


During the discussions of security related matters regarding using
multiple
HTTP methods at the last meeting, Josh brought up a point that proxies
should be no problem with using a new method (such as PRINT) because it=


would just transparently pass it on through. I'm assuming that proxies
do this with all methods the proxy does not recognize (unless some type=


of method filtering is turned on).


This discussion got me thinking about proxies and IPP in general, with
my initial conclusion being that we have a problem using TLS for
end-to-end security in the presence of proxies. There is currently no
standard for delegation of authentication info across proxies ( or any
kind of "firewall" type of software). If the IPP client is configured t=
o
work with a particular proxy, and the IPP client is attempting
communication with a TLS-based printer URI, we might need to indicate i=
n
the protocol document that this (and possibly other scenarios) can
happen and what the implications of these scenarios might be.


My immediate question is do we consider updating the security
considerations section of the protocol document prior to IETF last call=
?


Randy








=



More information about the Ipp mailing list