IPP Mail Archive: RE: IPP> Security proposal

RE: IPP> Security proposal

Turner, Randy (rturner@sharplabs.com)
Tue, 11 Nov 1997 13:37:37 -0800

> -----Original Message-----
> From: Scott Lawrence [SMTP:lawrence@agranat.com]
> Sent: Monday, November 10, 1997 6:49 AM
> To: ipp@pwg.org
> Subject: Re: IPP> Security proposal
>
>
> >>>>> "RT" == Randy Turner <rturner@sharplabs.com> writes:
>
> RT> Currently, I don't know of any way an HTTP client has to direct an
> RT> HTTP server to make a particular connection secure, and IPP needs
> RT> either end to indicate this requirement.
>
> >>>>> "SL" == Scott Lawrence
>
> SL> If you're using 'secure' as 'confidential', then the client
> requests
> SL> that protection by making the connection on the SSL port (https:),
> SL> and indicates that it does not require confidentiality by making
> the
> SL> request on a non-SSL port.
>
> The problem is that HTTPS is a different URL. What I was considering
> was the
> case where there is only one URL specified for the IPP printer. What
> I'm trying to
> avoid is running two different IPP services (one secure and one
> non-secure) if
> I want to support both secure and non-secure environments. With one
> URL,
> we just connect and negotiate whether or not security is required.
>
> SL> The service (the printer or print server) probably cares more
> about
> SL> authentication than confidentiality for IPP, and it can get that
> on
> SL> a connection that is either confidentiality protected or not
> using
> SL> Digest Access Authentication.
>
> The server caring more about authentication than confidentiality is
> emphaisized in my previous proposal, as is the option for
> confidentiality or not.
>
> Ultimately, my proposal prioritizes the selection of TLS for our only
> security framework for IPP. If we end up going down the path of
> supporting multiple URLs for different types of security, I think
> it would be unfortunate and add greater administrative and
> resource impact for those environments that would like to
> support both secure and non-secure IPP services.
>
Randy

> --
> Scott Lawrence EmWeb Embedded Server
> <lawrence@agranat.com>
> Agranat Systems, Inc. Engineering
> http://www.agranat.com/