IPP Mail Archive: Re: IPP> Re: New protocol document & Security issues

Re: IPP> Re: New protocol document & Security issues

Carl-Uno Manros (cmanros@cp10.es.xerox.com)
Wed, 28 May 1997 12:44:03 PDT

Randy,

a couple of comments to your latest comments below.

At 11:40 AM 5/28/97 PDT, you wrote:
>We talked about basic authentication in Memphis and we decided that low-end IPP
>servers could use this because it is simple. We really only need two levels of security,
>simple and advanced, for interoperability's sake. The simple case would be basic auth.,
>which a lot of vendors are already supporting (username and password) in their products.
>The advanced case would be something like SSL or TLS/SSL, something that meets
>all of the security requirements discussed in past meetings. In my opinion, just two
>security models is all we need.

When you say that we discussed this in Memphis, I think that you might
have a different view of what was meant with "simple security".

You can certainly use the basic stuff that is in your document,
but if used, that will fall into the category "no security" as seen by the
SEC subgroup. What we mean by "simple security" is the stuff in RFC 2069,
and "advanced security" would be things like TLS (equal to SSL3). If you
are unhappy with this, I suggest you join in the SEC subgroup discussions.
The SEC subgroup will soon have a new draft for review.

Carl-Uno

Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros@cp10.es.xerox.com
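
The distinction drawn in this message between HTTP basic authentication and the digest scheme of RFC 2069 can be seen in a short sketch. This is an added example, not part of the original message or of any IPP document; the user name, password, realm, nonce and URI are constructed sample values. It contrasts the Basic header, which is only base64 encoded, with the RFC 2069 response MD5(MD5(A1):nonce:MD5(A2)), which the server checks without the password ever crossing the wire.

```python
import base64
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def basic_header(user, password):
    # Basic auth: "user:password" is base64 encoded, nothing more.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def recover_from_basic(header):
    # Base64 is an encoding, not encryption: the header alone yields the password.
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def digest_response(user, realm, password, nonce, method, uri):
    # RFC 2069: response = MD5( MD5(A1) ":" nonce ":" MD5(A2) )
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # A1 = user:realm:password
    ha2 = md5_hex(f"{method}:{uri}")             # A2 = method:request-uri
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def server_verify(stored_ha1, nonce, method, uri, response):
    # The server keeps MD5(A1) per user and recomputes the expected response
    # for the nonce it issued; comparison is constant time.
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{ha2}")
    return hmac.compare_digest(expected, response)


# Constructed sample values, for illustration only.
USER, PASSWORD, REALM = "printop", "s3cret-toner", "ipp-printer"
NONCE, METHOD, URI = "a1b2c3d4e5f60718", "POST", "/printers/lobby"

if __name__ == "__main__":
    hdr = basic_header(USER, PASSWORD)
    print("Basic header:  ", hdr)
    print("Recovered:     ", recover_from_basic(hdr))
    resp = digest_response(USER, REALM, PASSWORD, NONCE, METHOD, URI)
    print("Digest response:", resp)
    ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    print("Server accepts: ", server_verify(ha1, NONCE, METHOD, URI, resp))
```
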