[IPP] Initial draft of IPPS URI Scheme (25 August 2010)

[IPP] Initial draft of IPPS URI Scheme (25 August 2010)

Ira McDonald blueroofmusic at gmail.com
Mon Aug 30 21:41:54 UTC 2010


I agree with Mike.  If you support "ipps:" on an IPP Printer object
and also support "ipp:", then you MUST support HTTP Upgrade.

About encryption:

For many printing situations (emails, service messages, etc.) it's
fine to send the data in cleartext over the enterprise network, VPN,
or even public Internet - but you still want Data Integrity (i.e., secure
hashes of application PDUs in the TLS Record layer) - "print what
you sent" - right?

- Ira

Ira McDonald (Musician / Software Architect)
Chair - Linux Foundation Open Printing WG
Co-Chair - TCG Hardcopy WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music/High North Inc
mailto:blueroofmusic at gmail.com
  579 Park Place  Saline, MI  48176
  PO Box 221  Grand Marais, MI 49839

On Mon, Aug 30, 2010 at 5:34 PM, Michael Sweet <msweet at apple.com> wrote:

> On Aug 30, 2010, at 8:20 AM, Ira McDonald wrote:
> ...
> I do think we should RECOMMEND against the practice,
> because it supplies ambiguous security to the IPP Printer
> object.
> FWIW, while it is certainly possible I think it would be better to simply
> require that printers supporting both ipp and ipps report the appropriate
> keywords for uri-security-supported (ssl3 and/or tls) along with mandatory
> support for HTTP Upgrade.  That would be consistent with our "message" since
> IPP/1.1 and gives us what we want on the standards side of things.
> Whether a Printer allows clear-text connections when configured with
> SSL/TLS support is, IMHO, a site-specific policy outside the scope of IPP,
> and in particular HTTP Upgrade allows both the Client and Printer to enforce
> a particular policy dynamically.  Moreover, some communications channels may
> already be secured, making any transport-level encryption optional over
> those channels.
> ________________________________________________________________________
> Michael Sweet, Senior Printing System Engineer, PWG Chair

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20100830/4192e024/attachment-0001.html>

More information about the ipp mailing list