IPP Mail Archive: IPP> Security feautues in IPP

IPP> Security feautues in IPP

From: Carl (carl@manros.com)
Date: Sat Jul 12 2003 - 18:42:35 EDT

  • Next message: TAYLOR,BOB (HP-Vancouver,ex1): "RE: [printing-driver] RE: IPP> Print Quality Issue resolution"

    Hi all,

    I have just received the following request to the WG to classify the
    security features supported in our protocol according to the
    schema/questions below.

    I assume we need to give a little more details than just stating that we
    support SSL/TLS.

    Can somebody help me out with this so we get it rigth? We should then run
    the proposed answer on the IPP DL before sending it back to the IETF, so
    that we know we all agree on the content.

    Carl-Uno

    Carl-Uno Manros
    700 Carnegie Street #3724
    Henderson, NV 89052, USA
    Tel +1-702-617-9414
    Fax +1-702-617-9417
    Mob +1-702-525-0727
    Email carl@manros.com
    Web www.manros.com

    -----Original Message-----
    From: owner-wgchairs@ietf.org [mailto:owner-wgchairs@ietf.org] On Behalf Of
    Charlie_Kaufman@notesdev.ibm.com
    Sent: Thursday, July 10, 2003 7:40 PM
    To: wgchairs@ietf.org
    Subject: Security Survey for wgchairs from IAB

    First let me apologize for sending this during the crunch before an IETF
    meeting. If you don't manage to respond immediately, that's OK; I'll bug you
    again. Possibly even in person.

    Jim Kempf and I were tasked with doing a survey of IETF working groups to
    find out whether and how they are using the security mechanisms coming out
    of the security area. The goal is to figure out whether the right tools are
    being made available and whether how to use them is being communicated. This
    first attempt at a survey form is designed to be easy to fill out -
    particularly for working groups for which security is not particularly
    relevant - so we can figure out who we need to follow up with with more
    detailed questions. While we would encourage people to tell us as much as
    they feel is useful, a quick and incomplete response would be helpful as
    well.

    The questions are still being debugged. Some may make no sense in some
    contexts. Feel free to flame us about that. Your working group may be
    working on sufficiently diverse things that it makes more sense to respond
    separately for different work areas. If so, feel free. We assume that specs
    talk about some representation of data and some "remote" source and/or sink
    of that data. Not all do. Bear with us.

    Please send responses to ckaufman@us.ibm.com and kempf@docomolabs-usa.com

    Thanks for your help!

    1) Identification and Authentication: If the technology of this WG has a
    concept of things it talks to or about, how are they named and
    authenticated?

    Identification of users or administrators by: text string( ); DNS name( );
    rfc822 name( ); UID( ); CN( ): DN( ); Other ( )
    Identification of remote endpoints by: text string( ); DNS name( ); IP
    address( ); Link layer address( );
                  rfc822 name( ); UID( ); OID( ); Other( )
    Identification of data in a hierarchy by: text string( ); SNMP( );
    ID( ); OID( ); Other( )

    Authentication of users or administrators using passwords( ); reference to
    other specs( ); cryptographic algorithms( ); Other( );
         What other specs:
         What cryptographic algorithms:

    Authentication of remote endpoints using passwords( ); IP addresses( );
    Link Layer addresses( );
                  reference to other specs( ); cryptographic algorithms( );
    Other( )
       What other specs:
       What cryptographic algorithms:

    2) Protecting data while being transferred and/or stored:

    Protecting data by passing it over SSL and/or TLS ( )
    Protecting data by passing it over IPsec ( )
    Protecting data by encoding it with PKCS-7 / CMS / S/MIME ( )
    Protecting data using XML Signing and/or Encryption ( )
    Protecting data defined by referencing other specs ( )
    Protecting data with other cryptographic mechanisms ( )

    3) Provisioning/Configuration of security information (keys, user names,
    system names)
         By unspecified out of band mechanism ( )
         Referencing another spec ( ) Which?
         Specifies a protocol for doing this ( )



    This archive was generated by hypermail 2b29 : Sat Jul 12 2003 - 18:43:20 EDT