IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication

Michael Sweet mike at easysw.com
Fri Apr 9 13:18:45 EDT 1999


Keith Moore wrote:
> 
> > > 1) Both Basic and Digest are OPTIONAL for use with HTTP/1.1
> > > ...
> >
> > Then may I respectfully suggest that we make them OPTIONAL for IPP
> > as well?  If the IETF approves the HTTP/1.1 with that wording,
> > then certainly IPP/1.1 will get approved...
> 
> Nope.  HTTP and IPP are different problem spaces.  The need for
> authentication in IPP has nothing to do with the need for
> authentication in HTTP.

Given that HTTP supports a much broader range of applications than
IPP, I'm not sure I understand your logic here.  Granted, you can
tie up a printer by sending an unauthorized print job, but how is
that different in severity to cracking a system through POST/PUT
operations?

Mandatory authentication only provides protection against unwanted
print jobs; it doesn't prevent other types of DoS attacks.

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products                  mike at easysw.com
Printing Software for UNIX                       http://www.easysw.com



More information about the Ipp mailing list