[IPP] RFC: HTTP Digest changes for RFC 2910bis

[IPP] RFC: HTTP Digest changes for RFC 2910bis

[IPP] RFC: HTTP Digest changes for RFC 2910bis

Paul Tykodi ptykodi at tykodi.com
Thu Aug 4 16:11:40 UTC 2016

Hi Mike,


I agree with your proposed change.




Best Regards,




Paul Tykodi
Principal Consultant
TCS - Tykodi Consulting Services LLC

Tel/Fax: 603-343-1820
Mobile:  603-866-0712
E-mail:   <mailto:ptykodi at tykodi.com> ptykodi at tykodi.com
WWW:   <http://www.tykodi.com/> http://www.tykodi.com


This e-mail reply and any attachments are confidential and may be

If you are not the intended recipient, please notify Tykodi Consulting
Services LLC 

immediately by replying to this message and destroying all copies of this

and any attachments. Thank you


From: ipp [mailto:ipp-bounces at pwg.org] On Behalf Of Michael Sweet
Sent: Thursday, August 4, 2016 8:58 AM
To: ipp <ipp at pwg.org>
Subject: [IPP] RFC: HTTP Digest changes for RFC 2910bis




The last call and ballet comments are rolling in for RFC 2910bis and
2911bis; one issue has come up that I'd like some feedback on...


RFC 2910 made Digest REQUIRED for Clients and RECOMMENDED for Printers, and
requires MD5 and MD5-sess support.


RFC 2910bis changed this to RECOMMENDED for both Clients and Printers based
on our experience that Digest is not widely implemented.  However, we've
kept the MD5 and MD5-sess requirements if a Client or Printer *does* support


This latter portion is being raised as an issue: RFC 7616 (the current HTTP
Digest RFC) deprecates MD5 and MD5-sess and requires SHA256 instead (which
did not exist in 2000 when RFC 2910 was published).  They don't like us
still requiring MD5 support, and my proposed "require both MD5 and whatever
is in RFC 7616" compromise wasn't acceptable.


What they want is for us to drop the MD5 requirement and note it, something


Note: The MD5 and MD5-sess algorithms were mandatory to implement in the
original IPP/1.1: Encoding and Transport [RFC2910]. This requirement has
been removed in this document since the algorithms are deprecated by the
current Digest Authentication document.


I am inclined to make this change since we've already softened the
conformance language because there is limited deployment of IPP
implementations using HTTP Digest - this won't break existing




Michael Sweet, Senior Printing System Engineer


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20160804/c1e2377b/attachment.html>

More information about the ipp mailing list