[IPP] RFC: Deprecate the Print-URI and Send-URI operations and related attributes and values

[IPP] RFC: Deprecate the Print-URI and Send-URI operations and related attributes and values

Michael Sweet msweet at msweet.org
Wed Jun 16 13:13:33 UTC 2021


All,

The IPP workgroup would like to deprecate the Print-URI and Send-URI operations [STD92] and associated attributes, values, and status codes.  The reasons for these deprecations are primarily security-driven but also reflect 20 years of real-world implementation experience.


The specific issues we have discussed are:

1. Network Access Differences:  Clients and Printers can have different levels of access to networking, which can lead to print jobs failing because the Printer is unable to access a network resource (different networks, missing credentials, etc.) as well as print jobs succeeding because the Printer has access to otherwise protected/restricted network resources (e.g. bypassing personal firewalls). Even for non-malicious content, remote URIs can incur additional costs for network data/bandwidth usage that might otherwise not be accounted for or allowed.

2. Identification/Authentication/Access Control Issues:  Clients cannot always provide a Printer with the necessary credentials to access a remote resource, and sending some types of credentials (e.g. passwords, private keys, etc.) to the Printer poses a security threat.

3. Denial of Service Attacks:  A Client could potentially cause a Denial-of-Service by sending a URI to a malicious network service designed to provide malicious content to the Printer or to delay network transactions in a way that keeps the Printer busy fetching the remote document.

4. Required URI Scheme:  IPP/1.1 [STD92] only requires support for the "ftp" URI scheme/protocol, which is no longer supported by the major web browsers and operating systems out-of-the-box, is not a secure or modern protocol, and is often blocked by firewalls and ISPs.


As for implementation experience, some IPP spooler (Client-side) implementations have made use of these operations to provide access to internal resources without extra copying, for example when printing photos on iOS devices, but otherwise the various Client operating systems do not seem to make use of these operations.  Some Printers *do* support Print-URI and Send-URI for both FTP and HTTP/HTTPS, but there is no evidence that such functionality is in common usage.


Your feedback is greatly appreciated!


--------


The following is the IANA IPP registry template for this change:

Document Status attributes:                         Reference
--------------------------                          ---------
document-access-errors (1setOf text(MAX))           [PWG5100.5]
document-access-errors(deprecated)                  [IPPWG20210616]


Job Status attributes:                              Reference
---------------------                               ---------
job-document-access-errors (1setOf text(MAX))       [STD92]
job-document-access-errors(deprecated)              [IPPWG20210616]


Operation attributes:                               Reference
--------------------                                ---------
document-access (collection | no-value)             [PWG5100.18]
document-access(deprecated)                         [IPPWG20210616]
document-access-error (text(MAX))                   [STD92]
document-access-error(deprecated)                   [IPPWG20210616]


Printer Description attributes:                     Reference
-------------------------------                     ---------
document-access-supported (1setOf keyword)          [PWG5100.18]
document-access-supported(deprecated)               [IPPWG20210616]
reference-uri-schemes-supported (1setOf uriScheme)  [STD92]
reference-uri-schemes-supported(deprecated)         [IPPWG20210616]


Attributes (attribute syntax)
  Keyword Attribute Value                           Reference
  -----------------------                           ---------
document-state-reasons (1setOf type2 keyword)       [PWG5100.5]
  document-access-error                             [PWG5100.5]
  document-access-error(deprecated)                 [IPPWG20210616]

job-state-reasons (1setOf type2 keyword)            [STD92]
  document-access-error                             [STD92]
  document-access-error(deprecated)                 [IPPWG20210616]


Attributes (attribute syntax)
  Enum Value          Enum Symbolic Name            Reference
  ----------          ------------------            ---------
operations-supported (1setOf type2 enum)            [STD92]
  0x0003              Print-URI                     [STD92]
  0x0003(deprecated)  Print-URI                     [IPPWG20210616]
  0x0007              Send-URI                      [STD92]
  0x0007(deprecated)  Send-URI                      [IPPWG20210616]


Operation Name                                      Reference
--------------                                      ---------
Print-URI                                           [STD92]
Print-URI(deprecated)                               [IPPWG20210616]
Send-URI                                            [STD92]
Send-URI(deprecated)                                [IPPWG20210616]


Value    Status Code Name                           Reference
------   -----------------------------------------  ---------
0x0400:0x04FF - Client Error:
  0x0412 client-error-document-access-error         [STD92]
  0x0412(deprecated)                                [REFERENCE]


[PWG5100.5]: https://ftp.pwg.org/pub/pwg/candidates/cs-ippdocobject11-20190521-5100.5.pdf
[PWG5100.18]: https://ftp.pwg.org/pub/pwg/candidates/cs-ippinfra10-20150619-5100.18.pdf
[STD92]: https://tools.ietf.org/html/std92

________________________
Michael Sweet



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20210616/449f5b15/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 874 bytes
Desc: Message signed with OpenPGP
URL: <http://www.pwg.org/pipermail/ipp/attachments/20210616/449f5b15/attachment.sig>


More information about the ipp mailing list