Network Working Group Ari Luoton=
en
Request for Comments: XXXX Netscape Communications Corporati=
on
Category: Informational September, 19=
97
Tunneling SSL through Web Proxy Servers
draft-luotonen-ssl-tunneling-03.txt, expires on 9/26/97
being considered for TLS?
-Carl
ipp-owner@pwg.org on 02/02/98 02:25:38 PM
Please respond to ipp-owner@pwg.org @ internet
To: ipp@pwg.org @ internet
cc:
Subject: IPP> TLS security section of protocol document
Just a note from the WG meeting in Hawaii...
During the discussions of security related matters regarding using
multiple
HTTP methods at the last meeting, Josh brought up a point that proxies
should be no problem with using a new method (such as PRINT) because it=
would just transparently pass it on through. I'm assuming that proxies
do this with all methods the proxy does not recognize (unless some type=
of method filtering is turned on).
This discussion got me thinking about proxies and IPP in general, with
my initial conclusion being that we have a problem using TLS for
end-to-end security in the presence of proxies. There is currently no
standard for delegation of authentication info across proxies ( or any
kind of "firewall" type of software). If the IPP client is configured t=
o
work with a particular proxy, and the IPP client is attempting
communication with a TLS-based printer URI, we might need to indicate i=
n
the protocol document that this (and possibly other scenarios) can
happen and what the implications of these scenarios might be.
My immediate question is do we consider updating the security
considerations section of the protocol document prior to IETF last call=
?
Randy
=