IPP Mail Archive: Re: IPP> Minutes of IPP Working Group Meet

Re: IPP> Minutes of IPP Working Group Meeting [about Validate-Job security challenges]

From: Michael Sweet (mike@easysw.com)
Date: Mon Mar 19 2001 - 08:53:09 EST

    "McDonald, Ira" wrote:
    > ...
    > Also, RFC 2617 makes clear that protecting the content with
    > Digest (over the content and not just the headers) is still
    > WEAK security, at best. If you need real security, you need
    > a TLS session. Ain't no other way to get there.

    Right (one of the reasons we concentrated on getting TLS into CUPS
    rather than messing with MD5-sess, since it has broader support and
    is a better solution...)

    I was just pointing out that cnonce by itself won't prevent man-in-
    the-middle attacks since the content can be altered by an
    intermediary without detection by the server or the client.

    -- 
    ______________________________________________________________________
    Michael Sweet, Easy Software Products                  mike@easysw.com
    Printing Software for UNIX                       http://www.easysw.com
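
An added illustration of the point made in this message (not code from the thread, from CUPS, or from the IPP working group): the RFC 2617 request-digest with qop=auth binds the cnonce but not the entity body, so the server's check still passes when the body is changed in transit, while qop=auth-int includes a hash of the body. The credentials, URI, nonces and request bodies are constructed sample values.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def request_digest(user, realm, password, method, uri,
                   nonce, nc, cnonce, qop, body=b""):
    """RFC 2617 section 3.2.2 request-digest for qop=auth / auth-int."""
    ha1 = md5_hex(f"{user}:{realm}:{password}".encode())
    if qop == "auth":
        # A2 covers only method and URI: the entity body is not hashed.
        ha2 = md5_hex(f"{method}:{uri}".encode())
    elif qop == "auth-int":
        # A2 additionally covers H(entity-body).
        ha2 = md5_hex(f"{method}:{uri}:{md5_hex(body)}".encode())
    else:
        raise ValueError(f"unsupported qop: {qop}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode())

# Constructed sample values (not taken from the thread).
CREDS = dict(user="alice", realm="printers", password="correct horse")
PARAMS = dict(method="POST", uri="/printers/lp0",
              nonce="5f1c9a7e", nc="00000001", cnonce="c0ffee01")

def client_request(qop: str, body: bytes) -> dict:
    """What the client sends: body plus the Authorization response value."""
    return {"qop": qop, "body": body,
            "response": request_digest(**CREDS, **PARAMS, qop=qop, body=body)}

def server_accepts(req: dict) -> bool:
    """Server recomputes the digest over what it actually received."""
    expected = request_digest(**CREDS, **PARAMS,
                              qop=req["qop"], body=req["body"])
    return hmac.compare_digest(expected, req["response"])

def body_change_detected(qop: str) -> bool:
    """Alter the body after the digest was computed; True if the server rejects."""
    req = client_request(qop, b"copies=1")
    received = dict(req, body=b"copies=99")  # same headers, different body
    return not server_accepts(received)

if __name__ == "__main__":
    for qop in ("auth", "auth-int"):
        print(qop, "body change detected:", body_change_detected(qop))
```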
    



    This archive was generated by hypermail 2b29 : Mon Mar 19 2001 - 08:55:52 EST