I agree with your proposed change.
TCS - Tykodi Consulting Services LLC
E-mail: <mailto:ptykodi at tykodi.com> ptykodi at tykodi.com
WWW: <http://www.tykodi.com/> http://www.tykodi.com
This e-mail reply and any attachments are confidential and may be
If you are not the intended recipient, please notify Tykodi Consulting
immediately by replying to this message and destroying all copies of this
and any attachments. Thank you
From: ipp [mailto:ipp-bounces at pwg.org] On Behalf Of Michael Sweet
Sent: Thursday, August 4, 2016 8:58 AM
To: ipp <ipp at pwg.org>
Subject: [IPP] RFC: HTTP Digest changes for RFC 2910bis
The last call and ballet comments are rolling in for RFC 2910bis and
2911bis; one issue has come up that I'd like some feedback on...
RFC 2910 made Digest REQUIRED for Clients and RECOMMENDED for Printers, and
requires MD5 and MD5-sess support.
RFC 2910bis changed this to RECOMMENDED for both Clients and Printers based
on our experience that Digest is not widely implemented. However, we've
kept the MD5 and MD5-sess requirements if a Client or Printer *does* support
This latter portion is being raised as an issue: RFC 7616 (the current HTTP
Digest RFC) deprecates MD5 and MD5-sess and requires SHA256 instead (which
did not exist in 2000 when RFC 2910 was published). They don't like us
still requiring MD5 support, and my proposed "require both MD5 and whatever
is in RFC 7616" compromise wasn't acceptable.
What they want is for us to drop the MD5 requirement and note it, something
Note: The MD5 and MD5-sess algorithms were mandatory to implement in the
original IPP/1.1: Encoding and Transport [RFC2910]. This requirement has
been removed in this document since the algorithms are deprecated by the
current Digest Authentication document.
I am inclined to make this change since we've already softened the
conformance language because there is limited deployment of IPP
implementations using HTTP Digest - this won't break existing
Michael Sweet, Senior Printing System Engineer
-------------- next part --------------
An HTML attachment was scrubbed...