IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

SHIVAUN_ALBRIGHT at HP-Roseville-om2.om.hp.com SHIVAUN_ALBRIGHT at HP-Roseville-om2.om.hp.com
Thu Apr 22 17:22:18 EDT 1999 

I agree with Don.  Mandating that all printers have security in order to be 
IPP/1.1 compliant is forcing a requirement on printers that may not be 
warranted for their market segments.  Certain market segments may not want or 
need security on their Printers and forcing this on the device manufacturer to 
claim compliancy is unacceptable.

Shivaun Albright
Hewlett-Packard

> -----Original Message-----
> From: Non-HP-don /HP-Roseville,mimegw3/dd.HPMEXT1=don at lexmark.com 
> Sent: Thursday, April 22, 1999 12:43 PM
> To: Non-HP-moore /HP-Roseville,mimegw3/dd.HPMEXT1=moore at cs.utk.edu
> Cc: Non-HP-don /HP-Roseville,mimegw3/dd.HPMEXT1=don at lexmark.com;
> Non-HP-paulmo /HP-Roseville,mimegw3/dd.HPMEXT1=paulmo at microsoft.com;
> Non-HP-ipp /HP-Roseville,mimegw3/dd.HPMEXT1=ipp at pwg.org
> Subject: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest
> Authentication
> 
> 
> 
> Not every printer in every environment is going to need 
> digest or TLS security.
> By mandating a specific security requirement, you are 
> attempting to create a
> SINGLE design point for printers ranging from a couple 
> hundred dollars to 10's
> of thousands of dollars.  Not a single shoe size fits all.  
> Standards that fail
> to meet the needs of a market (by being either too function 
> rich, too function
> poor or totally missing the mark) will wither and die.  
> Ignoring that reality in
> the name of altruism is a dead-end path.
> 
> **********************************************
> * Don Wright                 don at lexmark.com *
> * Director, Strategic & Technical Alliances  *
> * Lexmark International                      *
> * 740 New Circle Rd                          *
> * Lexington, Ky 40550                        *
> * 606-232-4808 (phone) 606-232-6740 (fax)    *
> **********************************************
> 
> 
> 
> 
> 
> moore%cs.utk.edu at interlock.lexmark.com on 04/22/99 03:24:29 PM
> 
> To:   Don Wright at LEXMARK
> cc:   moore%cs.utk.edu at interlock.lexmark.com,
>       paulmo%microsoft.com at interlock.lexmark.com,
>       ipp%pwg.org at interlock.lexmark.com
> Subject:  Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest 
> Authentication
> 
> 
> 
> 
> > except most of the configuration is done from the op panel 
> and things like ip
> > address, dns gateway, net mask are all NUMBERS.
> 
> depends on the printer...but there's no reason that the 
> initial password
> cannot be all numbers also, and also keyed in from the op panel.
> then you can use that password to authenticate to the 
> printer's web server.
> or if you prefer, you can restrict usernames and passwords to 
> all digits.
> (though you would want to allow for long passwords - say 20 
> digits - so
> that they would have enough entropy to thwart brute force 
> search attacks)
> 
> 
> 
>

More information about the Ipp mailing list