Hi Michael,
Note that my recommendation on best practice (straight out of
RFC 2617) use of 'cnonce' was for the IPP Implementors Guide,
not for the Protocol (RFC 2910). We have lots of recommendations
and advice about HTTP usage already in the IIG.
Also, RFC 2617 makes clear that protecting the content with
Digest (over the content and not just the headers) is still
WEAK security, at best. If you need real security, you need
a TLS session. Ain't no other way to get there.
Cheers,
- Ira McDonald, consulting architect at Sharp and Xerox
High North Inc
-----Original Message-----
From: Michael Sweet [mailto:mike at easysw.com]
Sent: Friday, March 16, 2001 2:17 PM
To: McDonald, Ira
Cc: 'Carl Kugler'; Hastings, Tom N; ipp at pwg.org
Subject: Re: IPP> Minutes of IPP Working Group Meeting [about
Validate-Jobsecurity challenges]
"McDonald, Ira" wrote:
> ...
> I think we want to strongly recommend that IPP Clients use (and
> IPP Printers expect to see used) the 'cnonce' option for better
> authentication, in the IIG.
> ...
IMHO, putting any restriction on the type of digest authentication
to use is outside the scope of IPP - that's a HTTP issue, and the
spec is fairly clear and would allow specific implementation or
sites to require cnonce or other security features of digest.
Also, cnonce does not eliminate man-in-the-middle attacks - you
need to use the MD5-sess algorithm to prevent changing of the
contents of the message body - cnonce only provides another bunch
of data to be added to the password sum and is of limited valid
if the server already provides random nonce values for each
challenge.
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw.com
Printing Software for UNIX http://www.easysw.com