Hi Gail,

HTTP/1.1 Digest Authentication (in RFC 2617) would be plausibly
sufficient for IPPFAX Sender authentication.

NOTE - HTTP/1.1 Digest requires that both the Sender and
Receiver have pre-configured knowledge of a shared secret
(the "password"). That seems to be less public Internet
friendly than certificate-based authentication, to me.

So Digest would work for pre-configured Senders, although a
TLS session is still necessary to maintain data integrity
(i.e., Digest w/out TLS is not helpful).

If the IPPFAX use model is GSTN fax-like, then Digest is
insufficient. If the IPPFAX use model is for pairs of
cooperating businesses or end users, then Digest plus
TLS Receiver authentication (certificate-based) is OK.

Cheers,
- Ira

-----Original Message-----
From: Gail Songer [mailto:gail.songer@peerless.com]
Sent: Wednesday, July 23, 2003 6:43 PM
To: McDonald, Ira
Cc: ifx@pwg.org
Subject: IPPGet

Ira,

The IPPFax protocol spec allows for other methods of authentication. Table
10 requires a Sender to support and use digest authentication. (Actually,
the requirements for the sender seem kind of confusing....) Would Digest be
sufficient to authenticate the user to retrieve subscription information?

IPPGet: Ira believes that a sender needs to be authenticated to retrieve
subscription data and matching "requesting-user-name" is not
sufficient (especially for IPPFax). We discussed requiring Sender side TLS
authentication. Gail believes that this would limit the usability (how many
clients are really going to have certificates?). Relaxed the requirement
for IPPGet notifications to just requiring notifications.

This archive was generated by hypermail 2b29 : Thu Jul 24 2003 - 12:33:07 EDT
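
The two properties of RFC 2617 Digest raised in the thread (both ends need the pre-configured password, and the response does not protect the message data), as an added example that is not part of the original messages. `PROVISIONED` and `receiver_verify` are hypothetical names; the credentials and nonce values are the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for qop=auth (algorithm MD5)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # needs the shared secret
    ha2 = md5_hex(f"{method}:{uri}")                 # method and URI only
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

# Receiver-side store: every Sender must be provisioned ahead of time.
# (Hypothetical structure; a real Receiver could store HA1 instead.)
PROVISIONED = {("Mufasa", "testrealm@host.com"): "Circle Of Life"}

def receiver_verify(auth: dict, method: str, body: bytes) -> bool:
    """Check an Authorization header that has been parsed into a dict.

    `body` is accepted but never used: with qop=auth nothing in the
    digest covers the entity body, so only TLS (or qop=auth-int)
    protects the document data in transit. Nonce freshness and
    nonce-count tracking are omitted from this sketch.
    """
    password = PROVISIONED.get((auth["username"], auth["realm"]))
    if password is None:
        return False  # unknown Sender: no shared secret, no authentication
    expected = digest_response(auth["username"], auth["realm"], password,
                               method, auth["uri"], auth["nonce"],
                               auth["nc"], auth["cnonce"], auth["qop"])
    return hmac.compare_digest(expected, auth["response"])

# Header fields from the RFC 2617 section 3.5 example.
RFC_AUTH = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/dir/index.html", "qop": "auth",
    "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    # Constructed bodies: the same header verifies for both.
    print(receiver_verify(RFC_AUTH, "GET", b"original document"))
    print(receiver_verify(RFC_AUTH, "GET", b"altered document"))
    # A Sender that was never provisioned cannot authenticate.
    print(receiver_verify(dict(RFC_AUTH, username="Stranger"), "GET", b""))
```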