IPP Mail Archive: IPP> SEC - Minutes from phone conference 970220

IPP> SEC - Minutes from phone conference 970220

Carl-Uno Manros (cmanros@cp10.es.xerox.com)
Fri, 21 Feb 1997 10:28:40 PST

SEC subgroup - Minutes of phone call 2/20/97

On call were:

Roger deBry
Carl-Uno Manros (notetaker)
Steve Okamoto
Daniel Manchala
Bob Setterbo

This call was made shorter than earlier planned, as it turned out that
Jerry Hadsell was not in on the call. Bob Setterbo joined in for the first
time.

Comparison of HTTP 1.1 vs. SSL3 features

Daniel gave a short report on the new security features in HTTP 1.1.
They are documented in RFC 2069, as an extension to the HTTP 1.1 specification
RFC 2068.

RFC 2069 contains a few variations on how to compose a certificate. The
bottom line is that it only allows authentication of the client (while SSL
3 has the option to authenticate both client and server) and it does not
provide any mechanism for encryption of the document data. SSL 3 requires a
trusted directory for certificates, while RFC 2069 does not need this.
It seems feasible that some IPP implementations would be happy to limit
themselves to the RFC 2069 functionality, while others may want to provide
the increased set provided by SSL 3. We did not see any reason for the IPP
project to decide which of the two should be used; the IPP model should
allow for either.

The only requirement we have found so far for additional info in the IPP
protocol is the ability to attach a certificate with a document reference
for cases where the server is asked to retrieve the document before
printing. Any other security features that we have talked about are either
handled by the underlying protocol (HTTP 1.1 or SSL 3) or they are local
functions in the server (such as access control lists).

Commercial transactions

We went over this subject again and decided to recommend postponing such
features to IPP Version 2, as there is still too much movement in this
general area.

Homework assignments:

It was decided that we need to start documenting our findings to be
included in the Requirements and the Model documents.

Roger will take a stab at the proposed text for the Requirements document,
while Steve, Xavier and Daniel will work on the Model text.

Xerox has a problem with the Thursday afternoon phone conference time, and
will come up with a proposal for a different time. Carl-Uno will try to
find a new time, so stay tuned for a new announcement about the time for next
week.

----
Carl-Uno Manros
Principal Engineer - Advanced Printing Standards - Xerox Corporation
701 S. Aviation Blvd., El Segundo, CA, M/S: ESAE-231
Phone +1-310-333 8273, Fax +1-310-333 5514
Email: manros@cp10.es.xerox.com