[IPP] Proper encoding to be used in "job-password" when "job-password-encryption" is not "none"

[IPP] Proper encoding to be used in "job-password" when "job-password-encryption" is not "none"

Kennedy, Smith (Wireless Architect) smith.kennedy at hp.com
Mon Apr 24 19:40:52 UTC 2017 

Thanks Mike! So to put this all together:

RFC 8011 section 5.1.11 defines octetString as being simply a collection of octets
"job-password" is defined in PWG 5100.11 as "job-password (octetString(255))" which means its value will be raw octets
If "job-password-encryption" is "none" then there is no hashing, so presumably the plain octets are passed along (which is a bad security choice and also makes it possible for encoding confusion in the absence of "job-password-repertoire")
If "job-password-encryption" is one of the other keywords identifying a particular hashing algorithm, then the raw octets of the out put of that hashing algorithm are to be used.

Did I get that right?

Smith



> On Apr 21, 2017, at 4:12 PM, Michael Sweet <msweet at apple.com> wrote:
> 
> Smith,
> 
> The octetString syntax is a BLOB type, so the raw MD5 bytes are transferred, not the ASCII representation.
> 
>> On Apr 21, 2017, at 1:28 PM, Kennedy, Smith (Wireless Architect) <smith.kennedy at hp.com> wrote:
>> 
>> Greetings,
>> 
>> Given the following scenario:
>> 	• An IPP Printer has reported via Get-Printer-Attributes:
>> 		• "job-password-supported" = 32
>> 		• "job-password-encryption-supported" = 'none', 'md5'
>> 		• (going to ignore "job-password-repertoire-configured" and "job-password-length-supported" for now...)
>> 	• An IPP Client acquires from the User a job password "beeblebrox"
>> 
>> If the Client chooses 'none', then it should send in a Validate-Job operation
>> 
>> "job-password-encryption" = 'none'
>> "job-password" = 'beeblebrox'
>> 
>> However, if the Client chooses 'md5', how does it encode the md5 hash octets? Does it encode it as hex-ascii in 32 octets like so?
>> 
>> "job-password-encryption" = 'none'
>> "job-password" = '3f73fde3af41b6a50c84a75f84892b85'
>> 
>> Or since 'job-password' is defined in 5100.11 as "job-password (octetString(255))", is it reasonable for it to provide the raw binary value? I cannot find any statement in PWG 5100.11, RFC 8010, or wp-job-password-repertoire-20160101.pdf that makes this clear. Is the Printer expected to handle both scenarios?
>> 
>> Thoughts?
>> 
>> Smith
>> 
>> /**
>>    Smith Kennedy
>>    Wireless Architect - Client Software - IPG-PPS
>>    Standards - IEEE ISTO PWG / Bluetooth SIG / Wi-Fi Alliance / NFC Forum / USB IF
>>    Chair, IEEE ISTO Printer Working Group
>>    HP Inc.
>> */
>> 
>> 
>> 
>> _______________________________________________
>> ipp mailing list
>> ipp at pwg.org
>> https://www.pwg.org/mailman/listinfo/ipp
> 
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20170424/d8869ef0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4241 bytes
Desc: not available
URL: <http://www.pwg.org/pipermail/ipp/attachments/20170424/d8869ef0/attachment.p7s>

More information about the ipp mailing list