[IPP] RFC: Recommend same port/origin policy for resources in IPP Everywhere v1.1

[IPP] RFC: Recommend same port/origin policy for resources in IPP Everywhere v1.1

Ira McDonald blueroofmusic at gmail.com
Thu Aug 23 13:51:34 UTC 2018


Hi Mike,

Yes, I agree with this basic security improvement as a RECOMMENDATION.

Cheers,
- Ira
Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic
http://sites.google.com/site/highnorthinc
mailto: blueroofmusic at gmail.com
Jan-April: 579 Park Place  Saline, MI  48176  734-944-0094
May-Dec: PO Box 221  Grand Marais, MI 49839  906-494-2434



On Thu, Aug 23, 2018 at 9:46 AM Michael Sweet <msweet at apple.com> wrote:

> All,
>
> I've had some recent discussions internally at Apple concerning some
> network management issues with IPP printers that serve their resource files
> over a different port (typically port 80) than their IPP endpoint.
> Basically, it is "easy" to whitelist communications over port 631 (or 443,
> as is still often the case) for IPP but less desirable to whitelist port 80
> which is also used for web content.
>
> Effectively this means that we'd like to see printers advertise their
> printer-icc-profiles, printer-icons, printer-more-info,
> printer-strings-uri, and printer-supply-info-uri URLs with the same host
> and port as in printer-uri-supported and printer-xri-supported, which is
> supposed to match the HTTP Host header.  We can't make this a requirement
> in IPP Everywhere v1.1, but I'd like to add it as an explicit
> recommendation (Printers SHOULD ...) in sections 5.3 and 5.4, and note that
> the port number should also be included in section 5.1.1 which talks about
> using the HTTP Host header value.
>
> I also notice that printer-more-info should be listed as a Printer Status
> attribute and we need to add the missing printer-strings-uri and
> printer-strings-languages-supported attributes as RECOMMENDED...
>
> Thoughts?
>
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer
>
> _______________________________________________
> ipp mailing list
> ipp at pwg.org
> https://www.pwg.org/mailman/listinfo/ipp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20180823/c31f90b8/attachment.html>


More information about the ipp mailing list