Not every printer in every environment is going to need digest or TLS security.
By mandating a specific security requirement, you are attempting to create a
SINGLE design point for printers ranging from a couple hundred dollars to 10's
of thousands of dollars. Not a single shoe size fits all. Standards that fail
to meet the needs of a market (by being either too function rich, too function
poor or totally missing the mark) will wither and die. Ignoring that reality in
the name of altruism is a dead-end path.
**********************************************
* Don Wright don at lexmark.com *
* Director, Strategic & Technical Alliances *
* Lexmark International *
* 740 New Circle Rd *
* Lexington, Ky 40550 *
* 606-232-4808 (phone) 606-232-6740 (fax) *
**********************************************
moore%cs.utk.edu at interlock.lexmark.com on 04/22/99 03:24:29 PM
To: Don Wright at LEXMARK
cc: moore%cs.utk.edu at interlock.lexmark.com,
paulmo%microsoft.com at interlock.lexmark.com,
ipp%pwg.org at interlock.lexmark.com
Subject: Re: IPP> Re: PRO - Issue 32: Use of Basic & Digest Authentication
> except most of the configuration is done from the op panel and things like ip
> address, dns gateway, net mask are all NUMBERS.
depends on the printer...but there's no reason that the initial password
cannot be all numbers also, and also keyed in from the op panel.
then you can use that password to authenticate to the printer's web server.
or if you prefer, you can restrict usernames and passwords to all digits.
(though you would want to allow for long passwords - say 20 digits - so
that they would have enough entropy to thwart brute force search attacks)