IPP Mail Archive: RE: IPP> DRV - Client Print Support Files

RE: IPP> DRV - Client Print Support Files Internet-Draft down-loaded

From: McDonald, Ira (imcdonald@sharplabs.com)
Date: Wed Nov 08 2000 - 14:15:30 EST

    Hi Michael and Hugo,

    Don't shoot at me yet...

    I agree that there is real danger in fetching a whole driver
    without any guarantee of the integrity (and actual source)
    of the driver. An IPP Printer with weak security becomes an
    attractive target for trojan horse exploits.

    Since all the drivers will be labelled MIME types, what about
    using an S/MIME (Secure MIME) wrapper to authenticate the driver?

    See RFC 26333 (S/MIME v3 Messages) and RFC 2632 (S/MIME v3
    Certificate Handling)?

    Comments?

    Cheers,
    - Ira McDonald

    -----Original Message-----
    From: Michael Sweet [mailto:mike@easysw.com]
    Sent: Wednesday, November 08, 2000 10:47 AM
    To: Hugo Parra
    Cc: ipp@pwg.org
    Subject: Re: IPP> DRV - Client Print Support Files Internet-Draft down-loaded

    Hugo Parra wrote:
    > ...
    > > I'm also confused about the use of a MIME type for the
    > > document-format value and a keyword for the file-type value...
    >
    > Michael, can you be more specific? It's not clear to me what it is
    > that you're finding confusing.

    Well, the driver file will also have a MIME type, right? Why bother
    with a non-standard keyword value when a MIME type will do?

    (this may mean registering MIME types for some of the types you
    have listed, but using a MIME type will allow you to use other
    types of driver files in the future without having to specify
    them in the spec...)

    > ...
    > This field was added by the group in the Chicago meeting. We
    > looked at several scenarios where a user or program would need
    > this additional information to select the "right" print support
    > file. The value of this field may be populated by a printer

    I wouldn't use "policy" as the name then; maybe a "preference"
    number, like the preference numbers used for mail exchangers?

    The danger I see here is that a malicious user could provide a
    bogus printer driver or a manufacturer could have a buggy driver.
    Supporting a "policy" type of value implies that certain policies
    could force an automatic install of the driver (without user or
    admin approval), which opens the door to all sorts of problems.
    Without some sort of signature or certificate, you can't "trust"
    the driver you are downloading...

    -- 
    ______________________________________________________________________
    Michael Sweet, Easy Software Products                  mike@easysw.com
    Printing Software for UNIX                       http://www.easysw.com
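
The signature check both messages call for, as an added example that is not part of the original thread: a client-side gate that refuses any print support file lacking a valid signature from a configured trust anchor. It uses the openssl command's S/MIME (PKCS#7) detached-signature mode; the file names, the `vendor` and `rogue` certificates and the helper functions are all constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Names, files and certificates are constructed.

make_signer() {   # $1=dir $2=name -> self-signed cert $1/$2.crt with key $1/$2.key
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

sign_driver() {   # $1=driver $2=key $3=cert -> detached signature $1.p7s
  openssl smime -sign -binary -in "$1" -inkey "$2" -signer "$3" \
    -outform PEM -out "$1.p7s" 2>/dev/null
}

verify_driver() { # $1=driver $2=trust anchor file; succeeds only if the
                  # signature matches the bytes and the signer chains to $2
  [ -s "$1.p7s" ] || return 1            # no signature at all: never trusted
  openssl smime -verify -binary -inform PEM -in "$1.p7s" -content "$1" \
    -CAfile "$2" -out /dev/null 2>/dev/null
}

install_decision() {  # prints "install" or "reject" for one downloaded file
  if verify_driver "$1" "$2"; then echo install; else echo reject; fi
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
make_signer "$work" vendor     # constructed key the client is configured to trust
make_signer "$work" rogue      # constructed key the client has never seen

printf 'constructed driver payload\n' > "$work/good.drv"
sign_driver "$work/good.drv" "$work/vendor.key" "$work/vendor.crt"

cp "$work/good.drv" "$work/tampered.drv"           # valid signature, altered bytes
cp "$work/good.drv.p7s" "$work/tampered.drv.p7s"
printf 'extra code\n' >> "$work/tampered.drv"

printf 'constructed driver payload\n' > "$work/rogue.drv"   # signed by unknown key
sign_driver "$work/rogue.drv" "$work/rogue.key" "$work/rogue.crt"

printf 'constructed driver payload\n' > "$work/unsigned.drv"  # no signature

for name in good tampered rogue unsigned; do
  printf '%-9s %s\n' "$name" "$(install_decision "$work/$name.drv" "$work/vendor.crt")"
done
```

openssl may also consult its default CA directory in addition to the file given with `-CAfile`; OpenSSL 1.1.0 and later accept `-no-CApath` to pin verification to the supplied anchor.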
    



    This archive was generated by hypermail 2b29 : Wed Nov 08 2000 - 14:25:49 EST