I agree with your proposed response to the IETF folks.
Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
mailto: blueroofmusic at gmail.com
Jan-April: 579 Park Place Saline, MI 48176 734-944-0094
May-Dec: PO Box 221 Grand Marais, MI 49839 906-494-2434
On Thu, Aug 4, 2016 at 8:57 AM, Michael Sweet <msweet at apple.com> wrote:
>> The last call and ballet comments are rolling in for RFC 2910bis and
> 2911bis; one issue has come up that I'd like some feedback on...
>> RFC 2910 made Digest REQUIRED for Clients and RECOMMENDED for Printers,
> and requires MD5 and MD5-sess support.
>> RFC 2910bis changed this to RECOMMENDED for both Clients and Printers
> based on our experience that Digest is not widely implemented. However,
> we've kept the MD5 and MD5-sess requirements if a Client or Printer *does*
> support it.
>> This latter portion is being raised as an issue: RFC 7616 (the current
> HTTP Digest RFC) deprecates MD5 and MD5-sess and requires SHA256 instead
> (which did not exist in 2000 when RFC 2910 was published). They don't like
> us still requiring MD5 support, and my proposed "require both MD5 and
> whatever is in RFC 7616" compromise wasn't acceptable.
>> What they want is for us to drop the MD5 requirement and note it,
> something like:
>> Note: The MD5 and MD5-sess algorithms were mandatory to implement in the
> original IPP/1.1: Encoding and Transport [RFC2910]. This requirement has
> been removed in this document since the algorithms are deprecated by the
> current Digest Authentication document.
>>> I am inclined to make this change since we've already softened the
> conformance language because there is limited deployment of IPP
> implementations using HTTP Digest - this won't break existing
> Michael Sweet, Senior Printing System Engineer
> ipp mailing list
>ipp at pwg.org>https://www.pwg.org/mailman/listinfo/ipp>>-------------- next part --------------
An HTML attachment was scrubbed...