The last call and ballet comments are rolling in for RFC 2910bis and 2911bis; one issue has come up that I'd like some feedback on...
RFC 2910 made Digest REQUIRED for Clients and RECOMMENDED for Printers, and requires MD5 and MD5-sess support.
RFC 2910bis changed this to RECOMMENDED for both Clients and Printers based on our experience that Digest is not widely implemented. However, we've kept the MD5 and MD5-sess requirements if a Client or Printer *does* support it.
This latter portion is being raised as an issue: RFC 7616 (the current HTTP Digest RFC) deprecates MD5 and MD5-sess and requires SHA256 instead (which did not exist in 2000 when RFC 2910 was published). They don't like us still requiring MD5 support, and my proposed "require both MD5 and whatever is in RFC 7616" compromise wasn't acceptable.
What they want is for us to drop the MD5 requirement and note it, something like:
Note: The MD5 and MD5-sess algorithms were mandatory to implement in the original IPP/1.1: Encoding and Transport [RFC2910]. This requirement has been removed in this document since the algorithms are deprecated by the current Digest Authentication document.
I am inclined to make this change since we've already softened the conformance language because there is limited deployment of IPP implementations using HTTP Digest - this won't break existing implementations.
Michael Sweet, Senior Printing System Engineer
-------------- next part --------------
An HTML attachment was scrubbed...