IPP Mail Archive: Re: IPP> TLS security section of protocol document

Re: IPP> TLS security section of protocol document

Carl-Uno Manros (cmanros@cp10.es.xerox.com)
Tue, 3 Feb 1998 09:37:04 PST

At 06:03 PM 2/2/98 PST, Turner, Randy wrote:
>
>Just a note from the WG meeting in Hawaii...
>
>During the discussions of security related matters regarding using multiple
>HTTP methods at the last meeting, Josh brought up a point that proxies
>should be no problem with using a new method (such as PRINT) because it
>would just transparently pass it on through. I'm assuming that proxies
>do this with all methods the proxy does not recognize (unless some type
>of method filtering is turned on).
>
>This discussion got me thinking about proxies and IPP in general, with
>my initial conclusion being that we have a problem using TLS for
>end-to-end security in the presence of proxies. There is currently no
>standard for delegation of authentication info across proxies (or any
>kind of "firewall" type of software). If the IPP client is configured to
>work with a particular proxy, and the IPP client is attempting
>communication with a TLS-based printer URI, we might need to indicate in
>the protocol document that this (and possibly other scenarios) can
>happen and what the implications of these scenarios might be.
>
>My immediate question is do we consider updating the security
>considerations section of the protocol document prior to IETF last call?
>
>Randy
>

Randy,

I think that anything to do with proxy servers and firewalls can only
reliably be found out by real life testing, which is what Proposed
Standards are for. I do not see any point in doing further updates to
our specification at this stage.

Carl-Uno
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros@cp10.es.xerox.com