[IPP] Subject: Xerox has reviewed the IPP Authentication Methods and has one comment

[IPP] Subject: Xerox has reviewed the IPP Authentication Methods and has one comment

Cihan Colakoglu Cihan.Colakoglu at dda.kyocera.com
Thu Feb 28 17:48:01 UTC 2019 

Looks good, thank you.

Cihan
________________________________
From: Sukert, Alan <Alan.Sukert at xerox.com>
Sent: Thursday, February 28, 2019 7:19:26 AM
To: Kennedy, Smith (Wireless & Standards Architect); Cihan Colakoglu; Ira McDonald
Cc: ipp at pwg.org
Subject: RE: [IPP] Subject: Xerox has reviewed the IPP Authentication Methods and has one comment

No objections from me.

Alan
From: Kennedy, Smith (Wireless & Standards Architect) <smith.kennedy at hp.com>
Sent: Thursday, February 28, 2019 10:16 AM
To: Cihan Colakoglu <Cihan.Colakoglu at dda.kyocera.com>; Sukert, Alan <Alan.Sukert at xerox.com>; Ira McDonald <blueroofmusic at gmail.com>
Cc: ipp at pwg.org
Subject: Re: [IPP] Subject: Xerox has reviewed the IPP Authentication Methods and has one comment

Thanks Cihan! I didn't go back to the document and read the full paragraph (first paragraph from section 4.7) in place before replying to Alan. The current paragraph is this:

The 'certificate' IPP Authentication method uses X.509 certificate authentication via TLS. X.509 certificate authentication via TLS is initiated by the Printer by sending a Certificate Request message during the Transport Layer Security (TLS) [RFC5246] handshake. The Client then sends the X.509 certificate identifying the User and/or Client in a corresponding Certificate message, and a subsequent Certificate Verify message to prove to the Printer that the Client has the corresponding private key. If the Client has no configured X.509 certificate to provide, it sends an empty Certificate message.

After re-reading it, I think it ought to be this:

The 'certificate' IPP Authentication method uses X.509 certificate authentication via TLS. This authentication method is initiated by the Printer when it sends a Certificate Request message during the Transport Layer Security (TLS) [RFC5246] handshake. The Client responds by sending a Certificate message with the X.509 certificate identifying the User and/or Client. The Client then sends a Certificate Verify message to prove to the Printer that the Client has the corresponding private key. If the Client has no X.509 certificate to provide to the Printer, it sends an empty Certificate message.

Any objections to this rewrite?

Smith



On Feb 28, 2019, at 3:54 AM, Cihan Colakoglu <Cihan.Colakoglu at dda.kyocera.com<mailto:Cihan.Colakoglu at dda.kyocera.com>> wrote:

Hello,

I see a repetition below (blue color)

The 'certificate' IPP Authentication method uses X.509 certificate authentication via TLS. X.509 certificate authentication via TLS. This authentication method is initiated by the Printer by sending a Certificate Request message during the Transport Layer Security (TLS) [RFC5246] handshake.

I guess the intent was the following?

The 'certificate' IPP Authentication method uses X.509 certificate authentication via TLS.  This authentication methodis initiated by the Printer by sending a Certificate Request message during the Transport Layer Security (TLS) [RFC5246] handshake.


Best Regards,
Cihan Colakoglu
Kyocera Document Solutions

From: ipp <ipp-bounces at pwg.org<mailto:ipp-bounces at pwg.org>> On Behalf Of Ira McDonald via ipp
Sent: Tuesday, February 26, 2019 8:21 AM
To: Kennedy, Smith (Wireless & Standards Architect) <smith.kennedy at hp.com<mailto:smith.kennedy at hp.com>>; Ira McDonald <blueroofmusic at gmail.com<mailto:blueroofmusic at gmail.com>>
Cc: ipp at pwg.org<mailto:ipp at pwg.org>; Alan Sukert <alan.sukert at xerox.com<mailto:alan.sukert at xerox.com>>
Subject: Re: [IPP] Subject: Xerox has reviewed the IPP Authentication Methods and has one comment

Hi Smith and Alan,

I strongly prefer the two sentences solution.

We should all try to avoid long sentences with operational content in more than one
subclause, because they interfere w/ clarity.

Cheers,
- Ira

Ira McDonald (Musician / Software Architect)
Co-Chair - TCG Trusted Mobility Solutions WG
Co-Chair - TCG Metadata Access Protocol SG
Chair - Linux Foundation Open Printing WG
Secretary - IEEE-ISTO Printer Working Group
Co-Chair - IEEE-ISTO PWG Internet Printing Protocol WG
IETF Designated Expert - IPP & Printer MIB
Blue Roof Music / High North Inc
http://sites.google.com/site/blueroofmusic<https://protect-us.mimecast.com/s/_U1ICpYK0Ki3kzDEsPnRzM?domain=sites.google.com>
http://sites.google.com/site/highnorthinc<https://protect-us.mimecast.com/s/0wk_Cqx5v5ujBOW6UXw4fA?domain=sites.google.com>
mailto: blueroofmusic at gmail.com<mailto:blueroofmusic at gmail.com>
PO Box 221  Grand Marais, MI 49839  906-494-2434


On Tue, Feb 26, 2019 at 10:17 AM Kennedy, Smith (Wireless & Standards Architect) <smith.kennedy at hp.com<mailto:smith.kennedy at hp.com>> wrote:
Thanks Alan! This editorial feedback is important, and I'll make this change before we go to Formal Vote. As an alternative, I could replace the "and" with a period, and make the second half of the (pretty long) sentence a new sentence, like so:

The 'certificate' IPP Authentication method uses X.509 certificate authentication via TLS. X.509 certificate authentication via TLS. This authentication method is initiated by the Printer by sending a Certificate Request message during the Transport Layer Security (TLS) [RFC5246] handshake.

Any strong opinions either way? I'm also not sure that I should be capitalizing "Authentication" in "The 'certificate' IPP Authentication method...".

Smith





On Feb 26, 2019, at 6:01 AM, Sukert, Alan <alan.sukert at xerox.com<mailto:alan.sukert at xerox.com>> wrote:

Minor comment (grammatically sentence did not read correctly; suggested addition is in red type) that can be ignored if needed to approve - Lines 272-274: The 'certificate' IPP Authentication method uses X.509 certificate authentication via TLS. X.509 certificate authentication via TLS and is initiated by the Printer by sending a Certificate Request message during the Transport Layer Security (TLS) [RFC5246] handshake.

Alan Sukert
Product Security Specialist
Xerox Research and Product Development/ Product Security and Development Process Controls
Xerox Certified Green Belt
Alan.Sukert at xerox.com<mailto:Alan.Sukert at xerox.com>| tel 585.427.1413
MS 0111-03A | 800 Phillips Road | Webster, NY 14580 USA

-----Original Message-----
From: pwg-announce <pwg-announce-bounces at pwg.org<mailto:pwg-announce-bounces at pwg.org>> On Behalf Of Michael Sweet
Sent: Friday, February 1, 2019 12:36 PM
To: PWG Announcements <pwg-announce at pwg.org<mailto:pwg-announce at pwg.org>>
Subject: [PWG-Announce] PWG Last Call: IPP Authentication Methods (Ends February 28, 2019)

Hi,

[This PWG Last Call starts today, February 1, 2019, and ends Thursday, February 28, 2019 at 10pm US Pacific time.]

This is the formal announcement of the IPP Authentication Methods best practice docuemnt, located at:

   https://ftp.pwg.org/pub/pwg/ipp/wd/wd-ippauth-20190116.pdf<https://protect-us.mimecast.com/s/kd-vCrk5w5flMA93U460M6?domain=ftp.pwg.org>

The IPP WG has completed extensive review of the various revisions of this document and a workgroup last call.

The PWG Process/3.0 requires that a quorum of PWG members (30% or 7 members) must acknowledge a PWG Last Call (with or without comments), before any document can progress to PWG Formal Vote.  This PWG Last Call is NOT a Formal Vote but it DOES require your review acknowledgment.  The PWG Definition of the Standards Development Process Version 3.0 is located at:

   https://www.pwg.org/chair/membership_docs/pwg-process30.pdf<https://protect-us.mimecast.com/s/AOXrCv25A5hz1WX0hA3lKY?domain=pwg.org>


HOW TO RESPOND

Send an email with *exactly* the following subject line format:

   Subject: <Company Name> has reviewed the IPP Authentication Methods and has [no] comments


WHERE TO SEND YOUR RESPONSE

Please do NOT simply reply to this note on the PWG-Announce list.

Please send your response to *all* of the following email addresses:

   ipp at pwg.org<https://protect-us.mimecast.com/s/M03GCwp5B5I36LpZs1sVDy?domain=pwg.org> (IPP WG mailing list - you must be subscribed!);
   smith.kennedy at hp.com<https://protect-us.mimecast.com/s/9ht6Cxk5D5fo8JOqTWWxvt?domain=hp.com> (Smith Kennedy, PWG Chair, IPP Authentication Methods editor)
   blueroofmusic at gmail.com<https://protect-us.mimecast.com/s/DcQxCyP5E5u5DNnmcPi4nA?domain=gmail.com> (Ira McDonald, PWG Secretary, IPP WG Co-Chair)
   ptykod at tykodi.com<https://protect-us.mimecast.com/s/1fS2Czp5G5IoDRLNTMxko5?domain=tykodi.com> (Paul Tykodi, IPP WG Co-Chair)
   msweet at apple.com<https://protect-us.mimecast.com/s/ASrkCADo5oTA09YJFBooN-?domain=apple.com> (Mike Sweet, IPP WG Secretary)

Note: You must be subscribed to the IPP WG mailing list to send email to that list - otherwise your email will be silently discarded. You can subscribe to this list at:

   https://www.pwg.org/mailman/listinfo/ipp<https://protect-us.mimecast.com/s/NL3NCBBp5pu5qVoJcQGmyW?domain=pwg.org>


_________________________________________________________
Michael Sweet, Senior Printing System Engineer

_______________________________________________
pwg-announce mailing list
pwg-announce at pwg.org<mailto:pwg-announce at pwg.org>
https://www.pwg.org/mailman/listinfo/pwg-announce<https://protect-us.mimecast.com/s/2nZSCDkr5rflpBPrUv_Y7t?domain=pwg.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20190228/bd42ab0e/attachment.html>

More information about the ipp mailing list