IPP> SEC

Scott Lawrence (lawrence@agranat.com)
Mon, 12 May 1997 16:31:15 -0400

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Roger K Debry: "Re: IPP>MOD - Multiple documents per job"
• Previous message: Robert Herriot: "Re: IPP>MOD - Multiple documents per job"

SEC> RFC 2069: This provides some limited security services, mainly
SEC> only client side authentication. Security specialists frown upon
SEC> this solution because it uses unencrypted user names and
SEC> passwords. However, this solution could be used in combination
SEC> with a protocol that provides for secure transport.

RFC 2069 does not transmit user names or passwords in any form - put
simply, it transmits a cryptographic digest derived from the
username, password, and a server generated challenge. The
authentication derives from the fact that the client cannot generate
it correctly without knowing the user credentials.

SEC> SHTTP - Secure HTTP: Although on the IETF standards track, this
SEC> seems to lack some important features and does not seem to go
SEC> anywhere in the market place.

Actually, I believe that it provides everything IPP would need
(including non-repudiation - a service that has received too little
attention), but it is true that it may not be getting enough support
from the marketplace and doesn't seem to enjoy support in the IESG
(I don't know why not).

--
Scott Lawrence           EmWeb Embedded Server       <lawrence@agranat.com>
Agranat Systems, Inc.        Engineering            http://www.agranat.com/

• Next message: Roger K Debry: "Re: IPP>MOD - Multiple documents per job"
• Previous message: Robert Herriot: "Re: IPP>MOD - Multiple documents per job"

Comments are owned by the poster. All other material is Copyright © 2001-2025 The Printer Working Group. All rights reserved. IPP Everywhere, the IPP Everywhere logo, and the PWG logo are trademarks of the ISTO.
About the PWG · Privacy Policy · PWG Webmaster