IPP> MOD - ISSUE 32: Is Digest REQUIRED for an IPP Client and an IPP P rinter to support?

IPP> MOD - ISSUE 32: Is Digest REQUIRED for an IPP Client and an IPP P rinter to support?

Hastings, Tom N hastings at cp10.es.xerox.com
Wed Jun 2 20:59:03 EDT 1999 

Comments on the proposed resolution to the IPP/1.1 issue concerning the
conformance requirements for Digest Authentication had been raised on the
mailing list as WG Last Call comments.  The IPP WG considered the issue at
its 5/26-27 meeting and reached consensus as shown.  We seek confirmation on
the mailing list by Thursday, June 10, 1999.
This particular issue was discussed during the 5/27 meeting with our Area
Director, Keith Moore calling in, along with others.  The agreement was to
RECOMMEND, not REQUIRE, an IPP Printer to contain support for Digest
Authentication.  The Encoding and Transport document will define Client
Authentication as Digest.  The Client MUST support Digest Authentication.
Shavaun will prepare a paper (with review by several others before being
sent to the ipp mailing list) explaining why REQUIRING Digest is not viable
or warranted for low end printers.  This paper will point out that
traditional FAX doesn't require client authentication.  This paper will be
sent to the IESG, especially the Security Area Directors, and included in
the Security Considerations part of the documents.
ISSUE 32: Is Digest REQUIRED for an IPP Client and an IPP Printer to
support?
Text for Section 5.1 Client Conformance:  
A client MUST support Client Authentication as defined in the IPP/1.1
Encoding and Transport document [IPP-PRO].  A client SHOULD support
Operation Privacy and Server Authentication as defined in the IPP/1.1
Encoding and Transport document [IPP-PRO].  See also section 8 of this
document.  
Text for a new sub-section to Section 5.2 IPP Object Conformance:  
5.2.7 Security 
An IPP Printer implementation SHOULD contain support for Client
Authentication as defined in the IPP/1.1 Encoding and Transport document
[IPP-PRO].  A Printer implementation MAY allow an administrator to configure
the Printer so that all, some, or none of the users are authenticated.  See
also section 8 of this document.
An IPP Printer implementation SHOULD contain support for Operation Privacy
and Server Authentication as defined in the IPP/1.1 Encoding and Transport
document [IPP-PRO].  A Printer implementation MAY allow an administrator to
configure the degree of support for Operation Privacy and Server
Authentication.  See also section 8 of this document.

More information about the Ipp mailing list