Larry Masinter wrote:
> ...
> the user's "printer password" is likely to be the user's password
> for other services, and so compromising the printer password
> compromises everything _else_ the user has access to. (That's also
That goes into policy and use issues, which are beyond the scope of
any standard...
> why MD5-sess is a good idea.) Digest Authentication with qop=auth is
> adequate for protecting against evesdropping, and is adequate for
> protecting against replay attacks. Any attempt to hijack one
It all depends on how the server implements Digest. Apache (and
others) currently don't support qop, or any other HTTP/1.1 final
draft Digest stuff.
> person's print job with some false data would soon be noticed.
It would take enough time that the offender would be able to get his
or her printout before the "hijacking" was noticed... The whole
purpose of authorization is to *prevent* that from happening, and the
only fool-proof way I know of with Digest authentication is to hash
the entire request (not just the username/password/realm/nonce).
> qop=auth-int has the problem that you have to hash the body of the
> request before sending the request, which would interfere with IPP
> performance if the print stream data is being computed as it is
> being sent.
As I understand it, the MD5 sum can be sent *after* the request, so
no up-front penalty is paid. Of course, I know of no server product
that supports it yet, but...
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw.com
Printing Software for UNIX http://www.easysw.com